We found results for “”
WS-2019-0424
Good to know:
Date: November 13, 2019
all versions before 6.5.2 of elliptic are vulnerable to Timing Attack through side-channels.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Observable Timing Discrepancy
CWE-208Top Fix
Upgrade Version
Upgrade to version GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;Romano.Vue - 1.0.1;org.webjars.npm:elliptic - 6.5.4,6.3.3;VueJS.NetCore - 1.1.1;elliptic - 6.5.3;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | HIGH |
Availability (A): | NONE |