exploitDog

GHSA-qg3g-2mgh-33j8

Published: Sep 10, 2018
Source: github
GitHub: Reviewed
CVSS3: 9.8

Description

Sensitive Data Exposure in msrcrypto

Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability.

Recommendation

Upgrade to version 1.4.1 or later.

Packages

Name: msrcrypto (npm)
Affected versions: < 1.4.1
Fixed version: 1.4.1

EPSS

Percentile: 91%
0.07396
Low

CVSS3: 9.8 Critical

Weaknesses

CWE-682

Related vulnerabilities

CVSS3: 9.8
nvd
about 7 years ago

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.

msrc
about 7 years ago

MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
