WS-2019-0424
Published:May 19, 2026
Updated:May 20, 2026
all versions before 6.5.2 of elliptic are vulnerable to Timing Attack through side-channels.
Affected Packages
elliptic (CDN_JS):
Affected version(s) >=6.3.1 <6.5.3Fix Suggestion:
Update to version 6.5.3genenotebook (CONDA):
Affected version(s) >=0.1.1 <0.3.0Fix Suggestion:
Update to version 0.3.0jupyterlab-nvdashboard (CONDA):
Affected version(s) >=0.1.11 <0.5.0Fix Suggestion:
Update to version 0.5.0jsdom (CONDA):
Affected version(s) =11.0.0 <11.11.0Fix Suggestion:
Update to version 11.11.0spyder-terminal (CONDA):
Affected version(s) >=0.3.0 <1.0.0Fix Suggestion:
Update to version 1.0.0make-sense (CONDA):
Affected version(s) >=1.6.0 <=1.7.0Fix Suggestion:
Update to version no_fixdoccano (CONDA):
Affected version(s) >=1.0.4 <1.4.1Fix Suggestion:
Update to version 1.4.1elliptic (NPM):
Affected version(s) >=0.1.0 <6.5.3Fix Suggestion:
Update to version 6.5.3pwptemplatepusintek (NUGET):
Affected version(s) =0.0.1Fix Suggestion:
Update to version no_fixindianadavy.vuejswebapitemplate.csharp (NUGET):
Affected version(s) =1.0.0 <1.0.1Fix Suggestion:
Update to version 1.0.1vuetemplate (NUGET):
Affected version(s) =0.1.0Fix Suggestion:
Update to version no_fixsheelersoft.angulartemplate (NUGET):
Affected version(s) >=0.0.1 <=0.0.2Fix Suggestion:
Update to version no_fixpwptemplatecms (NUGET):
Affected version(s) >=0.0.1 <=0.0.2Fix Suggestion:
Update to version no_fixmidiator.webclient (NUGET):
Affected version(s) >=1.0.98 <1.0.105Fix Suggestion:
Update to version 1.0.105romano.vue (NUGET):
Affected version(s) =1.0.0 <1.0.1Fix Suggestion:
Update to version 1.0.1dotnetng.template (NUGET):
Affected version(s) >=1.0.0.1 <1.0.0.4Fix Suggestion:
Update to version 1.0.0.4fable.template.elmish.react (NUGET):
Affected version(s) =0.1.5 <0.1.6Fix Suggestion:
Update to version 0.1.6octoweb01 (NUGET):
Affected version(s) =1.1.0Fix Suggestion:
Update to version no_fixcorevuewebtest (NUGET):
Affected version(s) =3.0.100 <3.0.101Fix Suggestion:
Update to version 3.0.101gr.pagerender.razor (NUGET):
Affected version(s) >=1.6.0 <1.8.0Fix Suggestion:
Update to version 1.8.0fable.library.template (NUGET):
Affected version(s) >=0.1.0-alpha002 <=0.1.0-alpha003Fix Suggestion:
Update to version no_fixvuejs.netcore (NUGET):
Affected version(s) >=1.0.2 <1.1.1Fix Suggestion:
Update to version 1.1.1nordron.angulartemplate (NUGET):
Affected version(s) =0.1.5 <0.1.6Fix Suggestion:
Update to version 0.1.6sheeler.angulartemplate (NUGET):
Affected version(s) =0.0.1Fix Suggestion:
Update to version no_fixflexxia/flexprimeng (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/css/postcss/minimatch-3.1.2 <dev-dependabot/npm_and_yarn/css/postcss/browserslist-4.17.0Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/css/postcss/browserslist-4.17.0ejin/like-counter (PHP):
Affected version(s) =dev-master <v0.1.0Fix Suggestion:
Update to version v0.1.0timoetting/kirby-builder (PHP):
Affected version(s) =2.0.2 <v2.0.2Fix Suggestion:
Update to version v2.0.2postboxcms/postbox (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/ssri-6.0.2 <dev-dependabot/npm_and_yarn/ws-6.2.2Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/ws-6.2.2kayrules/solatjakim-api-site (PHP):
Affected version(s) =dev-master <dev-version-1.0Fix Suggestion:
Update to version dev-version-1.0meesy/shopavel (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/decode-uri-component-0.2.2 <dev-dependabot/npm_and_yarn/axios-0.21.2Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/axios-0.21.2chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=0.0.4 <0.0.17Fix Suggestion:
Update to version 0.0.17richardtmiles/carbonphp (PHP):
Affected version(s) =dev-carbon <dev-feature/serialized_db_fixFix Suggestion:
Update to version dev-feature/serialized_db_fixcontentasaurus/c-rex-admin (PHP):
Affected version(s) =v1.0.0 <v1.0.1Fix Suggestion:
Update to version v1.0.1elegantweb/laravel-admin (PHP):
Affected version(s) =dev-master <1.0.0Fix Suggestion:
Update to version 1.0.0chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =0.0.1 <0.0.2Fix Suggestion:
Update to version 0.0.2chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=v0.0.17 <0.0.56Fix Suggestion:
Update to version 0.0.56ilhanet/erpnet-widget-resource (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixelegantweb/laravel-admin (PHP):
Affected version(s) >=v2.0.0 <v2.0.3Fix Suggestion:
Update to version v2.0.3richardtmiles/carbonphp (PHP):
Affected version(s) =dev-StatsCoach <dev-always_send_request_bodyFix Suggestion:
Update to version dev-always_send_request_bodynovum/innovation-app-core (PHP):
Affected version(s) >=dev-code-cleanup <dev-temp-commitFix Suggestion:
Update to version dev-temp-commitelegantweb/laravel-admin (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/public/components/admin-lte/elliptic-6.5.4 <=dev-dependabot/npm_and_yarn/public/components/browserify-zlib/elliptic-6.5.4Fix Suggestion:
Update to version no_fixmeesy/shopavel (PHP):
Affected version(s) >=dev-dependabot/composer/laravel/fortify-1.11.1 <dev-dependabot/npm_and_yarn/ansi-regex-5.0.1Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/ansi-regex-5.0.1postboxcms/postbox (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/url-parse-1.5.3 <dev-dependabot/npm_and_yarn/url-parse-1.5.10Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/url-parse-1.5.10narirock/marrs-catalog (PHP):
Affected version(s) >=dev-dev <=1Fix Suggestion:
Update to version no_fixrichardtmiles/carbonphp (PHP):
Affected version(s) =4.9.0 <5.0.0Fix Suggestion:
Update to version 5.0.0flexxia/flexprimeng (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/css/postcss/minimist-1.2.8 <dev-dependabot/npm_and_yarn/css/postcss/ini-1.3.8Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/css/postcss/ini-1.3.8richardtmiles/carbonphp (PHP):
Affected version(s) =dev-Reacting <dev-RestUpdate_PrimaryKeyValidationFix Suggestion:
Update to version dev-RestUpdate_PrimaryKeyValidationtimoetting/kirby-builder (PHP):
Affected version(s) =2.0.3 <v2.0.3Fix Suggestion:
Update to version v2.0.3devsfort/fortblog (PHP):
Affected version(s) >=dev-dev <=1.0.1Fix Suggestion:
Update to version no_fixmeesy/shopavel (PHP):
Affected version(s) =dev-MeesyBE-patch-1 <dev-add-code-of-conduct-1Fix Suggestion:
Update to version dev-add-code-of-conduct-1oburatongoi/productivity (PHP):
Affected version(s) >=0.1.0 <=0.4.45Fix Suggestion:
Update to version no_fixmiljoen/nova-autofill (PHP):
Affected version(s) >=v1.2 <=v1.4Fix Suggestion:
Update to version no_fixtrezebits/trezevel-gallery (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixcarbonorm/carbonphp (PHP):
Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =dev-dev <dev-form-field-keyFix Suggestion:
Update to version dev-form-field-keyflexxia/flexprimeng (PHP):
Affected version(s) =dev-anguarJs-v7 <dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2elegantweb/laravel-admin (PHP):
Affected version(s) >=1.0.x-dev <v1.0.2Fix Suggestion:
Update to version v1.0.2elegantweb/laravel-admin (PHP):
Affected version(s) >=v2.0.4 <dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2postboxcms/postbox (PHP):
Affected version(s) >=dev-dependabot/composer/symfony/http-foundation-4.4.8 <dev-dependabot/npm_and_yarn/browserslist-4.16.6Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/browserslist-4.16.6postboxcms/postbox (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/elliptic-6.5.4 <dev-feature/ISSUE-39Fix Suggestion:
Update to version dev-feature/ISSUE-39postboxcms/postbox (PHP):
Affected version(s) =dev-master <dev-package/dboFix Suggestion:
Update to version dev-package/dborichardtmiles/carbonphp (PHP):
Affected version(s) =4.5.0 <dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1gheb/nn (PHP):
Affected version(s) =dev-installed-example <dev-masterFix Suggestion:
Update to version dev-mastermahlamusa/material-php (PHP):
Affected version(s) =dev-use-mdc-web <1.0.0Fix Suggestion:
Update to version 1.0.0postboxcms/postbox (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/axios-0.21.1 <dev-sanketraut-patch-1Fix Suggestion:
Update to version dev-sanketraut-patch-1emolinablas/laravel-vue-crud (PHP):
Affected version(s) =1.0.0 <1.0.1Fix Suggestion:
Update to version 1.0.1mayronalves/laravel-core (PHP):
Affected version(s) >=v1.0.0 <dev-dependabot/composer/symfony/mime-4.4.1Fix Suggestion:
Update to version dev-dependabot/composer/symfony/mime-4.4.1horizon/description (PHP):
Affected version(s) =dev-master <dev-dependabot/npm_and_yarn/axios-0.21.1Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/axios-0.21.1meesy/shopavel (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/eventsource-1.1.1 <dev-dependabot/npm_and_yarn/dns-packet-1.3.4Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/dns-packet-1.3.4deltasystems/dewdrop (PHP):
Affected version(s) =dev-feature/webpack <dev-hotfix-check-hrefFix Suggestion:
Update to version dev-hotfix-check-hrefapothan/open-tour-website (PHP):
Affected version(s) =dev-main <dev-masterFix Suggestion:
Update to version dev-mastertimoetting/kirby-builder (PHP):
Affected version(s) =2.0.0 <v2.0.0Fix Suggestion:
Update to version v2.0.0sergiosgc/jsonschema-form (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/js/elliptic-6.5.4 <=dev-dependabot/npm_and_yarn/js/y18n-4.0.1Fix Suggestion:
Update to version no_fixmiljoen/nova-autofill (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0bizprove/canvas (PHP):
Affected version(s) =dev-master <v1.0Fix Suggestion:
Update to version v1.0elegantweb/laravel-admin (PHP):
Affected version(s) >=v1.0.3 <v1.1.2Fix Suggestion:
Update to version v1.1.2meesy/shopavel (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/ansi-html-and-webpack-dev-server--removed <dev-masterFix Suggestion:
Update to version dev-masteroburatongoi/productivity (PHP):
Affected version(s) =dev-master <0.0.1Fix Suggestion:
Update to version 0.0.1zymawy/ironside-core (PHP):
Affected version(s) =dev-master <dev-utilsFix Suggestion:
Update to version dev-utilsrichardtmiles/carbonphp (PHP):
Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0contentasaurus/c-rex-admin (PHP):
Affected version(s) >=v1.0.2 <v1.0.7Fix Suggestion:
Update to version v1.0.7carbonorm/carbonphp (PHP):
Affected version(s) >=4.5.0 <5.0.0Fix Suggestion:
Update to version 5.0.0richardtmiles/carbonphp (PHP):
Affected version(s) =dev-RichardTMiles-patch-1 <1.0.1Fix Suggestion:
Update to version 1.0.1elegantweb/laravel-admin (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/public/components/admin-lte/chart.js-2.9.4 <dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22horizon/description (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/lodash-4.17.19Fix Suggestion:
Update to version no_fixoburatongoi/productivity (PHP):
Affected version(s) >=0.0.9 <0.0.13Fix Suggestion:
Update to version 0.0.13meesy/shopavel (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/loader-utils-1.4.2 <dev-dependabot/npm_and_yarn/color-string-1.6.0Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/color-string-1.6.0spyder-terminal (PYTHON):
Affected version(s) >=0.3.0 <1.0.0Fix Suggestion:
Update to version 1.0.0jupyterlab-nvdashboard (PYTHON):
Affected version(s) >=0.1.11 <0.5.0Fix Suggestion:
Update to version 0.5.0electrscash (RUST):
Affected version(s) =1.0.0 <1.1.1Fix Suggestion:
Update to version 1.1.1moxie-dom (RUST):
Affected version(s) =0.1.0 <0.1.1-alpha.0Fix Suggestion:
Update to version 0.1.1-alpha.0rustimate-client (RUST):
Affected version(s) >=0.0.1 <=0.1.0Fix Suggestion:
Update to version no_fixRelated Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
6
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.9
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
NONE