When using the latest version of the SDK, npm audit informs me that CVE-2024-37168 is present.
Here is my output:
@grpc/grpc-js <1.8.22
Severity: moderate
@grpc/grpc-js can allocate memory for incoming messages well above configured limits - https://github.com/advisories/GHSA-7v5v-9h63-cj86
fix available via `npm audit fix --force`
Will install @hashgraph/[email protected], which is a breaking change
node_modules/@grpc/grpc-js
@hashgraph/sdk >=2.25.0
Depends on vulnerable versions of @ethersproject/abi
Depends on vulnerable versions of @grpc/grpc-js
node_modules/@hashgraph/sdk
elliptic <=6.5.7
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
Elliptic's verify function omits uniqueness validation - https://github.com/advisories/GHSA-434g-2637-qmqr
Valid ECDSA signatures erroneously rejected in Elliptic - https://github.com/advisories/GHSA-fc9h-whq2-v747
fix available via `npm audit fix --force`
Will install @hashgraph/[email protected], which is a breaking change
node_modules/elliptic
@ethersproject/signing-key <=5.7.0
Depends on vulnerable versions of elliptic
node_modules/@ethersproject/signing-key
@ethersproject/transactions <=5.7.0
Depends on vulnerable versions of @ethersproject/signing-key
node_modules/@ethersproject/transactions
@ethersproject/abstract-provider *
Depends on vulnerable versions of @ethersproject/transactions
node_modules/@ethersproject/abstract-provider
@ethersproject/abstract-signer *
Depends on vulnerable versions of @ethersproject/abstract-provider
node_modules/@ethersproject/abstract-signer
@ethersproject/hash 5.0.6 - 5.7.0
Depends on vulnerable versions of @ethersproject/abstract-signer
node_modules/@ethersproject/hash
@ethersproject/abi 5.0.10 - 5.7.0
Depends on vulnerable versions of @ethersproject/hash
node_modules/@ethersproject/abi
Steps to reproduce
Using npm, install @hashgraph/sdk: 2.54.2
Run npm audit
Additional context
Bug report states that it is true for >=2.25.0
Hedera network
No response
Version
2.54.2
Operating system
macOS
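Added example, not part of the original issue or of the SDK: a triage helper that walks the `via` chain of an `npm audit --json` report to show which advisories are the root causes behind each direct dependency, and through which path. It assumes the version 2 report shape (`vulnerabilities`, `via`, `isDirect`); the sample report is constructed from the package names in the output above, and `rootCauses` and `triage` are hypothetical names.

```javascript
// Constructed sample in the shape of `npm audit --json`, trimmed to the fields
// used here. In `via`, a string names another flagged package; an object is an
// advisory filed against the package itself.
const report = { vulnerabilities: {
  "@grpc/grpc-js": { isDirect: false, via: [{ url: "https://github.com/advisories/GHSA-7v5v-9h63-cj86" }] },
  "elliptic": { isDirect: false, via: [{ url: "https://github.com/advisories/GHSA-49q7-c7j4-3p7m" }] },
  "@ethersproject/signing-key": { isDirect: false, via: ["elliptic"] },
  "@ethersproject/transactions": { isDirect: false, via: ["@ethersproject/signing-key"] },
  "@ethersproject/abstract-provider": { isDirect: false, via: ["@ethersproject/transactions"] },
  "@ethersproject/abstract-signer": { isDirect: false, via: ["@ethersproject/abstract-provider"] },
  "@ethersproject/hash": { isDirect: false, via: ["@ethersproject/abstract-signer"] },
  "@ethersproject/abi": { isDirect: false, via: ["@ethersproject/hash"] },
  "@hashgraph/sdk": { isDirect: true, via: ["@ethersproject/abi", "@grpc/grpc-js"] },
} };

// Map of advisory URL -> dependency path from `start` to the package it is filed against.
function rootCauses(report, start) {
  const found = new Map();
  const walk = (name, path) => {
    if (path.includes(name)) return; // guard against cycles in the via graph
    const entry = report.vulnerabilities[name];
    if (!entry) return;
    const here = [...path, name];
    for (const via of entry.via) {
      if (typeof via === "string") walk(via, here); // flagged only through a dependency
      else if (!found.has(via.url)) found.set(via.url, here); // advisory on this package
    }
  };
  walk(start, []);
  return found;
}

// Root causes for every package the project depends on directly.
function triage(report) {
  const out = {};
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (entry.isDirect) out[name] = rootCauses(report, name);
  }
  return out;
}

for (const [pkg, causes] of Object.entries(triage(report))) {
  for (const [url, path] of causes) console.log(`${pkg}: ${url}\n  via ${path.join(" > ")}`);
}
```
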