Home > Vulnerability Database > WS-2019-0424

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2019-0424

Good to know:

Date: November 13, 2019

all versions before 6.5.2 of elliptic are vulnerable to Timing Attack through side-channels.

Language: Java

Severity Score

5.9

Related Resources (2)

Url: https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a

Url: https://www.mend.io/vulnerability-database/WS-2019-0424

Severity Score

5.9

Weakness Type (CWE)

Observable Timing Discrepancy

CWE-208

Top Fix

Upgrade Version

Upgrade to version GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;Romano.Vue - 1.0.1;org.webjars.npm:elliptic - 6.5.4,6.3.3;VueJS.NetCore - 1.1.1;elliptic - 6.5.3;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2019-0424

Good to know:

Date: November 13, 2019

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?