Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the x_engineVerify() method in EdDSAEngine.java, which does not comply with the RFC 8032 specification regarding signature malleability. An attacker can create new valid signatures, different from previous signatures, for a known message.
Remediation
There is no fixed version for net.i2p.crypto:eddsa.
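With no fixed release available, a caller can enforce the RFC 8032 range requirement on S (0 <= S < L, section 5.1.7) before handing a signature to the library. The following is an added example, not code from net.i2p.crypto:eddsa or from this advisory; the class name, method names and sample buffers are hypothetical, and it assumes 64-byte Ed25519 signatures laid out as R || S.

```java
import java.math.BigInteger;

public class Ed25519CanonicalS {
    // Order L of the Ed25519 base point (RFC 8032, section 5.1).
    static final BigInteger L = BigInteger.ONE.shiftLeft(252)
            .add(new BigInteger("27742317777372353535851937790883648493"));

    /** True only if sig is 64 bytes and its S half decodes to 0 <= S < L. */
    static boolean hasCanonicalS(byte[] sig) {
        if (sig == null || sig.length != 64) {
            return false;
        }
        // S is the second 32 bytes, little-endian; reverse it for BigInteger.
        byte[] bigEndian = new byte[32];
        for (int i = 0; i < 32; i++) {
            bigEndian[i] = sig[63 - i];
        }
        BigInteger s = new BigInteger(1, bigEndian);
        return s.compareTo(L) < 0;
    }

    // Constructed sample input: zeroed R half, S half set to the given value.
    // Not a real signature; it only exercises the range check.
    static byte[] sampleWithS(BigInteger s) {
        byte[] bigEndian = s.toByteArray();
        byte[] sig = new byte[64];
        for (int i = 0; i < bigEndian.length && i < 32; i++) {
            sig[32 + i] = bigEndian[bigEndian.length - 1 - i];
        }
        return sig;
    }

    public static void main(String[] args) {
        // Boundary cases: largest in-range S, first out-of-range S, bad length.
        System.out.println(hasCanonicalS(sampleWithS(L.subtract(BigInteger.ONE))));
        System.out.println(hasCanonicalS(sampleWithS(L)));
        System.out.println(hasCanonicalS(new byte[63]));
    }
}
```

Call `hasCanonicalS` on the raw signature bytes and reject the input when it returns false, before passing the signature to the library's verifier. This check does not modify the library.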