Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
python-ecdsa vulnerable to Minerva attack on P-256
Vulnerability Description
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
ecdsa 安全漏洞
Vulnerability Description
python-ecdsa是一款基于Python的签名验证插件。 ecdsa 0.18.0及之前版本存在安全漏洞,该漏洞源于容易受到Minerva攻击。
CVSS Information
N/A
Vulnerability Type
N/A