Control: tags -1 + confirmed On Tue, 2020-09-01 at 13:30 +0200, Xavier Guimard wrote: > node-elliptic allows ECDSA signature maleability via variations in > encoding, leading '\0' bytes, or integer overflows (CVE-2020-13822). > > [ Impact ] > This could conceivably have a security-relevant impact if an > application relied on a single canonical signature. > Please go ahead. Regards, Adam