Improper Key Verification Affecting ipns package, versions >=0.1.1 <0.1.3


0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-IPNS-173683
  • published 13 Feb 2019
  • disclosed 24 Aug 2018
  • credit Brendan McMillion

Introduced: 24 Aug 2018

CVE NOT AVAILABLE CWE-287 Open this link in a new tab

How to fix?

Upgrade ipns to version 0.1.3 or higher.

Overview

ipns contains all the necessary code for creating, understanding and validating IPNS records.

Affected versions of this package are vulnerable to Improper Key Verification due to improperly public key verification, resulting in any key being valid.