WS-2019-0427 | Mend Vulnerability Database

Vulnerability DatabaseWS-2019-0427

WS-2019-0427

Published:May 14, 2026

Updated:May 14, 2026

The function getNAF() in elliptic library has information leakage. This issue is mitigated in version 6.5.2

Affected Packages

elliptic (CDN_JS):

Affected version(s) >=6.3.1 <6.5.2

Fix Suggestion:

Update to version 6.5.2

genenotebook (CONDA):

Affected version(s) >=0.1.1 <0.3.0

Fix Suggestion:

Update to version 0.3.0

jsdom (CONDA):

Affected version(s) =11.0.0 <11.11.0

Fix Suggestion:

Update to version 11.11.0

elliptic (NPM):

Affected version(s) >=0.1.0 <6.5.2

Fix Suggestion:

Update to version 6.5.2

indianadavy.vuejswebapitemplate.csharp (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

pwptemplatepusintek (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

vuetemplate (NUGET):

Affected version(s) =0.1.0

Fix Suggestion:

Update to version no_fix

corevuewebtest (NUGET):

Affected version(s) =3.0.100 <3.0.101

Fix Suggestion:

Update to version 3.0.101

fable.library.template (NUGET):

Affected version(s) >=0.1.0-alpha002 <=0.1.0-alpha003

Fix Suggestion:

Update to version no_fix

fable.template.elmish.react (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

midiator.webclient (NUGET):

Affected version(s) >=1.0.98 <1.0.105

Fix Suggestion:

Update to version 1.0.105

romano.vue (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

pwptemplatecms (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

sheelersoft.angulartemplate (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

dotnetng.template (NUGET):

Affected version(s) >=1.0.0.1 <1.0.0.4

Fix Suggestion:

Update to version 1.0.0.4

nordron.angulartemplate (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

sheeler.angulartemplate (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

elegantweb/laravel-admin (PHP):

Affected version(s) >=v1.0.3 <v1.1.2

Fix Suggestion:

Update to version v1.1.2

carbonorm/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =dev-dev <dev-form-field-key

Fix Suggestion:

Update to version dev-form-field-key

deltasystems/dewdrop (PHP):

Affected version(s) =dev-feature/webpack <dev-hotfix-check-href

Fix Suggestion:

Update to version dev-hotfix-check-href

contentasaurus/c-rex-admin (PHP):

Affected version(s) >=v1.0.2 <v1.0.7

Fix Suggestion:

Update to version v1.0.7

ilhanet/erpnet-widget-resource (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

richardtmiles/carbonphp (PHP):

Affected version(s) =4.9.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-carbon <dev-feature/serialized_db_fix

Fix Suggestion:

Update to version dev-feature/serialized_db_fix

carbonorm/carbonphp (PHP):

Affected version(s) >=4.5.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/axios-0.21.1 <dev-sanketraut-patch-1

Fix Suggestion:

Update to version dev-sanketraut-patch-1

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.0 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

mayronalves/laravel-core (PHP):

Affected version(s) >=v1.0.0 <dev-dependabot/composer/symfony/mime-4.4.1

Fix Suggestion:

Update to version dev-dependabot/composer/symfony/mime-4.4.1

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/public/components/admin-lte/chart.js-2.9.4 <dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

richardtmiles/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-master <1.0.0

Fix Suggestion:

Update to version 1.0.0

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=0.0.4 <0.0.17

Fix Suggestion:

Update to version 0.0.17

flexxia/flexprimeng (PHP):

Affected version(s) =dev-anguarJs-v7 <dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

richardtmiles/carbonphp (PHP):

Affected version(s) =4.5.0 <dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/elliptic-6.5.4 <dev-feature/ISSUE-39

Fix Suggestion:

Update to version dev-feature/ISSUE-39

gheb/nn (PHP):

Affected version(s) =dev-installed-example <dev-master

Fix Suggestion:

Update to version dev-master

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-StatsCoach <dev-always_send_request_body

Fix Suggestion:

Update to version dev-always_send_request_body

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/url-parse-1.5.3 <dev-dependabot/npm_and_yarn/url-parse-1.5.10

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/url-parse-1.5.10

trezebits/trezevel-gallery (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.0 <v2.0.0

Fix Suggestion:

Update to version v2.0.0

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-RichardTMiles-patch-1 <1.0.1

Fix Suggestion:

Update to version 1.0.1

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=v0.0.17 <0.0.56

Fix Suggestion:

Update to version 0.0.56

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.2 <v2.0.2

Fix Suggestion:

Update to version v2.0.2

zymawy/ironside-core (PHP):

Affected version(s) =dev-master <dev-utils

Fix Suggestion:

Update to version dev-utils

oburatongoi/productivity (PHP):

Affected version(s) =dev-master <0.0.1

Fix Suggestion:

Update to version 0.0.1

elegantweb/laravel-admin (PHP):

Affected version(s) >=1.0.x-dev <v1.0.2

Fix Suggestion:

Update to version v1.0.2

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =0.0.1 <0.0.2

Fix Suggestion:

Update to version 0.0.2

postboxcms/postbox (PHP):

Affected version(s) =dev-master <dev-package/dbo

Fix Suggestion:

Update to version dev-package/dbo

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.3 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

oburatongoi/productivity (PHP):

Affected version(s) >=0.1.0 <=0.4.45

Fix Suggestion:

Update to version no_fix

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/ssri-6.0.2 <dev-dependabot/npm_and_yarn/ws-6.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/ws-6.2.2

devsfort/fortblog (PHP):

Affected version(s) >=dev-dev <=1.0.1

Fix Suggestion:

Update to version no_fix

oburatongoi/productivity (PHP):

Affected version(s) >=0.0.9 <0.0.13

Fix Suggestion:

Update to version 0.0.13

flexxia/flexprimeng (PHP):

Affected version(s) >=dev-dev-demo-primeng-chart <dev-update-angularjs

Fix Suggestion:

Update to version dev-update-angularjs

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.4 <dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-Reacting <dev-RestUpdate_PrimaryKeyValidation

Fix Suggestion:

Update to version dev-RestUpdate_PrimaryKeyValidation

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/composer/symfony/http-foundation-4.4.8 <dev-dependabot/npm_and_yarn/browserslist-4.16.6

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/browserslist-4.16.6

contentasaurus/c-rex-admin (PHP):

Affected version(s) =v1.0.0 <v1.0.1

Fix Suggestion:

Update to version v1.0.1

sergiosgc/jsonschema-form (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/js/elliptic-6.5.4 <=dev-dependabot/npm_and_yarn/js/y18n-4.0.1

Fix Suggestion:

Update to version no_fix

kayrules/solatjakim-api-site (PHP):

Affected version(s) =dev-master <dev-version-1.0

Fix Suggestion:

Update to version dev-version-1.0

rustimate-client (RUST):

Affected version(s) >=0.0.1 <=0.1.0

Fix Suggestion:

Update to version no_fix

moxie-dom (RUST):

Affected version(s) =0.1.0 <0.1.1-alpha.0

Fix Suggestion:

Update to version 0.1.1-alpha.0

electrscash (RUST):

Affected version(s) =1.0.0 <1.1.1

Fix Suggestion:

Update to version 1.1.1

Related Resources (1)

https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a

Do you need more information?

CVSS v4

Base Score:

Attack Vector

ADJACENT

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE