WS-2019-0427 | Mend Vulnerability Database

Vulnerability DatabaseWS-2019-0427

WS-2019-0427

Published:May 19, 2026

Updated:May 20, 2026

The function getNAF() in elliptic library has information leakage. This issue is mitigated in version 6.5.2

Affected Packages

elliptic (CDN_JS):

Affected version(s) >=6.3.1 <6.5.2

Fix Suggestion:

Update to version 6.5.2

genenotebook (CONDA):

Affected version(s) >=0.1.1 <0.3.0

Fix Suggestion:

Update to version 0.3.0

jsdom (CONDA):

Affected version(s) =11.0.0 <11.11.0

Fix Suggestion:

Update to version 11.11.0

elliptic (NPM):

Affected version(s) >=0.1.0 <6.5.2

Fix Suggestion:

Update to version 6.5.2

indianadavy.vuejswebapitemplate.csharp (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

dotnetng.template (NUGET):

Affected version(s) >=1.0.0.1 <1.0.0.4

Fix Suggestion:

Update to version 1.0.0.4

fable.template.elmish.react (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

romano.vue (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

sheeler.angulartemplate (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

pwptemplatecms (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

midiator.webclient (NUGET):

Affected version(s) >=1.0.98 <1.0.105

Fix Suggestion:

Update to version 1.0.105

vuetemplate (NUGET):

Affected version(s) =0.1.0

Fix Suggestion:

Update to version no_fix

fable.library.template (NUGET):

Affected version(s) >=0.1.0-alpha002 <=0.1.0-alpha003

Fix Suggestion:

Update to version no_fix

nordron.angulartemplate (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

corevuewebtest (NUGET):

Affected version(s) =3.0.100 <3.0.101

Fix Suggestion:

Update to version 3.0.101

sheelersoft.angulartemplate (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

pwptemplatepusintek (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/elliptic-6.5.4 <dev-feature/ISSUE-39

Fix Suggestion:

Update to version dev-feature/ISSUE-39

elegantweb/laravel-admin (PHP):

Affected version(s) >=1.0.x-dev <v1.0.2

Fix Suggestion:

Update to version v1.0.2

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =0.0.1 <0.0.2

Fix Suggestion:

Update to version 0.0.2

kayrules/solatjakim-api-site (PHP):

Affected version(s) =dev-master <dev-version-1.0

Fix Suggestion:

Update to version dev-version-1.0

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-carbon <dev-feature/serialized_db_fix

Fix Suggestion:

Update to version dev-feature/serialized_db_fix

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/ssri-6.0.2 <dev-dependabot/npm_and_yarn/ws-6.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/ws-6.2.2

zymawy/ironside-core (PHP):

Affected version(s) =dev-master <dev-utils

Fix Suggestion:

Update to version dev-utils

oburatongoi/productivity (PHP):

Affected version(s) =dev-master <0.0.1

Fix Suggestion:

Update to version 0.0.1

trezebits/trezevel-gallery (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

carbonorm/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.3 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =dev-dev <dev-form-field-key

Fix Suggestion:

Update to version dev-form-field-key

contentasaurus/c-rex-admin (PHP):

Affected version(s) =v1.0.0 <v1.0.1

Fix Suggestion:

Update to version v1.0.1

carbonorm/carbonphp (PHP):

Affected version(s) >=4.5.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

richardtmiles/carbonphp (PHP):

Affected version(s) =4.5.0 <dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/public/components/admin-lte/chart.js-2.9.4 <dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

richardtmiles/carbonphp (PHP):

Affected version(s) =4.9.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

contentasaurus/c-rex-admin (PHP):

Affected version(s) >=v1.0.2 <v1.0.7

Fix Suggestion:

Update to version v1.0.7

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/composer/symfony/http-foundation-4.4.8 <dev-dependabot/npm_and_yarn/browserslist-4.16.6

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/browserslist-4.16.6

devsfort/fortblog (PHP):

Affected version(s) >=dev-dev <=1.0.1

Fix Suggestion:

Update to version no_fix

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=v0.0.17 <0.0.56

Fix Suggestion:

Update to version 0.0.56

richardtmiles/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

oburatongoi/productivity (PHP):

Affected version(s) >=0.0.9 <0.0.13

Fix Suggestion:

Update to version 0.0.13

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-Reacting <dev-RestUpdate_PrimaryKeyValidation

Fix Suggestion:

Update to version dev-RestUpdate_PrimaryKeyValidation

elegantweb/laravel-admin (PHP):

Affected version(s) >=v1.0.3 <v1.1.2

Fix Suggestion:

Update to version v1.1.2

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.0 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-RichardTMiles-patch-1 <1.0.1

Fix Suggestion:

Update to version 1.0.1

oburatongoi/productivity (PHP):

Affected version(s) >=0.1.0 <=0.4.45

Fix Suggestion:

Update to version no_fix

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-master <1.0.0

Fix Suggestion:

Update to version 1.0.0

flexxia/flexprimeng (PHP):

Affected version(s) >=dev-dev-demo-primeng-chart <dev-update-angularjs

Fix Suggestion:

Update to version dev-update-angularjs

sergiosgc/jsonschema-form (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/js/elliptic-6.5.4 <=dev-dependabot/npm_and_yarn/js/y18n-4.0.1

Fix Suggestion:

Update to version no_fix

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/axios-0.21.1 <dev-sanketraut-patch-1

Fix Suggestion:

Update to version dev-sanketraut-patch-1

gheb/nn (PHP):

Affected version(s) =dev-installed-example <dev-master

Fix Suggestion:

Update to version dev-master

deltasystems/dewdrop (PHP):

Affected version(s) =dev-feature/webpack <dev-hotfix-check-href

Fix Suggestion:

Update to version dev-hotfix-check-href

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/url-parse-1.5.3 <dev-dependabot/npm_and_yarn/url-parse-1.5.10

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/url-parse-1.5.10

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=0.0.4 <0.0.17

Fix Suggestion:

Update to version 0.0.17

postboxcms/postbox (PHP):

Affected version(s) =dev-master <dev-package/dbo

Fix Suggestion:

Update to version dev-package/dbo

ilhanet/erpnet-widget-resource (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.2 <v2.0.2

Fix Suggestion:

Update to version v2.0.2

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-StatsCoach <dev-always_send_request_body

Fix Suggestion:

Update to version dev-always_send_request_body

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.0 <v2.0.0

Fix Suggestion:

Update to version v2.0.0

flexxia/flexprimeng (PHP):

Affected version(s) =dev-anguarJs-v7 <dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

mayronalves/laravel-core (PHP):

Affected version(s) >=v1.0.0 <dev-dependabot/composer/symfony/mime-4.4.1

Fix Suggestion:

Update to version dev-dependabot/composer/symfony/mime-4.4.1

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.4 <dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

moxie-dom (RUST):

Affected version(s) =0.1.0 <0.1.1-alpha.0

Fix Suggestion:

Update to version 0.1.1-alpha.0

electrscash (RUST):

Affected version(s) =1.0.0 <1.1.1

Fix Suggestion:

Update to version 1.1.1

rustimate-client (RUST):

Affected version(s) >=0.0.1 <=0.1.0

Fix Suggestion:

Update to version no_fix

Related Resources (1)

https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a

Do you need more information?

CVSS v4

Base Score:

Attack Vector

ADJACENT

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE