Description
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.6.11
References
Related Issues
- Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) - CVE-2023-34092
- Svelecte item names vulnerable to execution of arbitrary JavaScript - CVE-2023-38687
- Strapi does not verify the access or ID tokens issued during the OAuth flow - CVE-2023-22893
- Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - CVE-2023-45133
You might also like:
- Tags:
- npm
- snarkjs
Anything's wrong? Let us know Last updated on January 21, 2025


