0.004 Low
EPSS
Percentile
72.1%
The Elliptic for Node.js allows ECDSA signature malleability via variations in encoding, leading ‘\0’ bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
bugzilla.redhat.com/show_bug.cgi?id=1848647
nvd.nist.gov/vuln/detail/CVE-2020-13822
snyk.io/vuln/SNYK-JS-ELLIPTIC-571484
www.cve.org/CVERecord?id=CVE-2020-13822