Description
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.6.11
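With no fixed release listed, a caller can reject non-canonical inputs before verification. The following is an added example, not snarkjs code or code from this advisory. It assumes the bn128 (BN254) curve and reads the missing check as applying to each public signal's value; the function names and sample values are hypothetical.

```javascript
// Added example: caller-side guard, not part of snarkjs.
// Assumption: proofs use bn128 (BN254); R is that curve's scalar field order.
const R = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// Accept only canonical encodings: a non-negative bigint, a safe integer,
// or a decimal string without sign or leading zeros. Anything else -> null.
function parseSignal(sig) {
  if (typeof sig === "bigint") return sig >= 0n ? sig : null;
  if (typeof sig === "number") {
    return Number.isSafeInteger(sig) && sig >= 0 ? BigInt(sig) : null;
  }
  if (typeof sig === "string" && /^(0|[1-9][0-9]*)$/.test(sig)) return BigInt(sig);
  return null;
}

// Indexes of signals that are malformed or not reduced modulo R.
function nonCanonicalSignals(publicSignals) {
  const bad = [];
  publicSignals.forEach((sig, i) => {
    const v = parseSignal(sig);
    if (v === null || v >= R) bad.push(i);
  });
  return bad;
}

// Gate to run before calling the verifier and before recording any signal
// (for example a nullifier) as spent. expectedCount is the number of public
// inputs the circuit defines (assumed known to the caller).
function checkPublicSignals(publicSignals, expectedCount) {
  if (!Array.isArray(publicSignals) || publicSignals.length !== expectedCount) {
    return { ok: false, reason: "unexpected number of public signals" };
  }
  const bad = nonCanonicalSignals(publicSignals);
  return bad.length
    ? { ok: false, reason: "non-canonical public signal", indexes: bad }
    : { ok: true };
}

// Constructed test inputs: a reduced value, and an unreduced encoding of the
// same field element that the guard must reject.
const sample = "1234567890123456789";
const alias = (BigInt(sample) + R).toString();
```

Run the guard on the exact `publicSignals` array that is passed to the verifier, and key any spent-value store on the parsed, reduced value rather than on the raw string.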
Tags: npm, snarkjs
Last updated on January 21, 2025