CVE-2024-48949
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-48949 is a critical vulnerability found in the verify function of the Elliptic package, specifically in lib/elliptic/eddsa/index.js, affecting versions prior to 6.5.6 for Node.js. The vulnerability arises from the omission of essential validation checks for cryptographic signatures, which can lead to both high confidentiality and integrity impacts when exploited over a network. Affected products include zVBRyZ, zXQp1H, zVBRyY, zWXA7a, zVBRyX, and zXQp1I. Organizations are advised to remediate this issue by updating their Elliptic package to version 6.5.6 or later as detailed in the provided GitHub references. Failure to address this vulnerability may expose systems to significant security risks due to improper verification of cryptographic signatures (CWE-347).
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.