Sign in Subscribe

npm package

@chainsafe/libp2p-noise

pkg:npm/%40chainsafe/libp2p-noise

Vulnerabilities (1)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-24759		—		< 4.1.2	4.1.2	Mar 17, 2022	`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose

CVE-2022-24759Mar 17, 2022
affected < 4.1.2fixed 4.1.2
`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose