Description
Versions 0.1.1 and 0.1.2 of ipns are vulnerable to improper key validation. Public key verification was not performed properly, so any key was accepted as valid.
Recommendation
Update the ipns package to the latest compatible version. Version details:
- Affected version(s): < 0.1.3
- Patched version(s): 0.1.3
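To confirm which installed copies still fall in the affected range, the following added example (not part of the advisory or the ipns project) scans a parsed `package-lock.json` for ipns versions below 0.1.3, including copies nested under other packages. The sample lockfile and the parent package name `some-parent` are constructed for illustration.

```javascript
// Added example: flag ipns copies below the patched release (0.1.3) in a parsed package-lock.json.
const PATCHED = [0, 1, 3]; // first patched version, per the advisory

// Parse "x.y.z" into three integers; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version < 0.1.3. Unparseable values (git URLs, tarballs) return false.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return false;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== PATCHED[i]) return p[i] < PATCHED[i];
  }
  return false;
}

// Walk both lockfile layouts: "packages" (lockfileVersion 2/3) and nested "dependencies" (1/2).
function findAffectedIpns(lock) {
  const hits = new Set(); // de-duplicates entries present in both layouts
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isIpns = path === 'node_modules/ipns' || path.endsWith('/node_modules/ipns');
    if (isIpns && isAffected(meta.version)) hits.add(`${path}@${meta.version}`);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === 'ipns' && isAffected(meta.version)) hits.add(`${here}@${meta.version}`);
      walk(meta.dependencies, `${here}/`); // nested installs under this package
    }
  };
  walk(lock.dependencies, '');
  return [...hits].sort();
}

// Constructed sample: patched ipns at the root, affected copy nested under a hypothetical parent.
const SAMPLE_LOCK = {
  packages: {
    'node_modules/ipns': { version: '0.1.3' },
    'node_modules/some-parent/node_modules/ipns': { version: '0.1.2' },
  },
  dependencies: {
    ipns: { version: '0.1.3' },
    'some-parent': { version: '1.0.0', dependencies: { ipns: { version: '0.1.2' } } },
  },
};
console.log(findAffectedIpns(SAMPLE_LOCK));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findAffectedIpns`; a non-empty result means a nested dependency still pins an affected copy even if the top-level package was updated.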
References
Related Issues
- Improper Key Verification in openpgp - CVE-2019-9154
- Improper Verification of Cryptographic Signature (GHSA-7r96-8g3x-g36m) - Vulnerability
- Strapi Improper Rate Limiting vulnerability - CVE-2023-38507
- @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability - CVE-2024-34345
Tags
- npm
- ipns
Last updated on December 07, 2023