npm package
ecdh
pkg:npm/ecdh
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-44310 | — | < 0.2.0 | 0.2.0 | Feb 24, 2023 | In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. |
- CVE-2022-44310Feb 24, 2023affected < 0.2.0fixed 0.2.0
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.