Описание
Improper Key Verification in ipns
Versions 0.1.1 or 0.1.2 of ipns are vulnerable to improper key validation. This is due to the public key verification was not being performed properly, resulting in any key being valid.
Recommendation
Update to version 0.1.3 or later.
Пакеты
Наименование
ipns
npm
Затронутые версииВерсия исправления
< 0.1.3
0.1.3
7.5 High
CVSS3
Дефекты
CWE-287
7.5 High
CVSS3
Дефекты
CWE-287