VYPR

npm package

sjcl

pkg:npm/sjcl

Vulnerabilities (1)

  • CVE-2026-4258HigMar 17, 2026
    affected < 1.0.9fixed 1.0.9

    All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observin