Vulnerabilities

 1 via 16 paths

Dependencies

 195

Source

 GitHub

Commit

 06be3bd1

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Use of a Cryptographic Primitive with a Risky Implementation

  • Vulnerable module: elliptic
  • Introduced through: @ethersproject/wallet@5.8.0

Detailed paths

  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/json-wallets@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/json-wallets@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/json-wallets@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/hash@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/json-wallets@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/wordlists@5.8.0 @ethersproject/hash@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/json-wallets@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/wordlists@5.8.0 @ethersproject/hash@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1
  • Introduced through: polymarket-trader-mcp@demwick/polymarket-trader-mcp#06be3bd10d12b746ac71812bada19262dca7d241 @ethersproject/wallet@5.8.0 @ethersproject/json-wallets@5.8.0 @ethersproject/hdnode@5.8.0 @ethersproject/wordlists@5.8.0 @ethersproject/hash@5.8.0 @ethersproject/abstract-signer@5.8.0 @ethersproject/abstract-provider@5.8.0 @ethersproject/transactions@5.8.0 @ethersproject/signing-key@5.8.0 elliptic@6.6.1

Overview

elliptic is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to the incorrect computation of the byte-length of k value with leading zeros resulting in its truncation. An attacker can obtain the secret key by analyzing both a faulty signature generated by a vulnerable implementation and a correct signature for the same inputs.

Note:

There is a distinct but related issue CVE-2024-48948.

Remediation

There is no fixed version for elliptic.

References

Use of a Cryptographic Primitive with a Risky Implementation vulnerability report