Minerva attack vulnerability #352
Description
The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.
Below are the risk factors associated to this issue -
Attack vector: network, High severity, Package in use
Vulnerability link - https://nvd.nist.gov/vuln/detail/CVE-2024-23342