[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-23342":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":95,"aliases":105,"duplicate_of":9,"upstream":107,"downstream":108,"duplicates":117,"related":118,"reserved_at":9,"published_at":121,"modified_at":122,"state":123,"summary":124,"references_raw":132,"kevs":175,"epss":176,"epss_history":179,"metrics":432,"affected":442},"CVE-2024-23342","The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.",null,[11,23,87],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-203","Observable Discrepancy","The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.","weakness","Incomplete","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-189","Black Box Reverse Engineering",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":27},"CWE-208","Observable Timing Discrepancy","Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.",[28,32,44],{"id":29,"name":30,"techniques":31},"CAPEC-462","Cross-Domain Search Timing",[],{"id":33,"name":34,"techniques":35},"CAPEC-541","Application Fingerprinting",[36],{"id":37,"name":38,"tactics":39,"countermeasures":43},"T1592.002","Software",[40],{"id":41,"name":42},"TA0043","Reconnaissance",[],{"id":45,"name":46,"techniques":47},"CAPEC-580","System Footprinting",[48],{"id":49,"name":50,"tactics":51,"countermeasures":55},"T1082","System Information Discovery",[52],{"id":53,"name":54},"TA0102","Discovery",[56,61,65,70,75,79,83],{"id":57,"name":58,"tactic":59},"D3-SCA","System Call Analysis",{"name":60},"Detect",{"id":62,"name":63,"tactic":64},"D3-PSA","Process Spawn Analysis",{"name":60},{"id":66,"name":67,"tactic":68},"D3-DE","Decoy Environment",{"name":69},"Deceive",{"id":71,"name":72,"tactic":73},"D3-SCF","System Call Filtering",{"name":74},"Isolate",{"id":76,"name":77,"tactic":78},"D3-EAL","Executable Allowlisting",{"name":74},{"id":80,"name":81,"tactic":82},"D3-EDL","Executable Denylisting",{"name":74},{"id":84,"name":85,"tactic":86},"D3-HBPI","Hardware-based Process Isolation",{"name":74},{"_key":88,"id":88,"name":89,"description":90,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":91,"capec":92},"CWE-385","Covert Timing Channel","Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.","Medium",[93],{"id":29,"name":30,"techniques":94},[],[96],{"_key":97,"name":98,"source":99,"url":100,"maturity":101,"reliability_score":102,"verified":103,"type":9,"platforms":104,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_TLSFUZZER_PYTHON-ECDSA","Python Ecdsa","github","https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp","poc",0.3,false,[],[106],"GHSA-wj6h-64fc-37mp",[],[109,111,113,115],{"_key":110},"DEBIAN-CVE-2024-23342",{"_key":112},"UBUNTU-CVE-2024-23342",{"_key":114},"RHSA-2024:10806",{"_key":116},"RHSA-2024:1878",[],[119],{"_key":120},"CGA-CJ46-F22R-FR26","2024-01-22T23:09:35.775Z","2025-05-30T14:21:45.651Z","Analyzed",{"cisa_kev":103,"cisa_ransomware":103,"cisa_vendor":9,"epss_severity":125,"epss_score":126,"severity":127,"severity_score":128,"severity_version":129,"severity_source":130,"severity_vector":131,"severity_status":123},"low",0.00622,"high",7.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",[133,142,148,153,157,162,167,171],{"url":100,"sources":134,"tags":137},[130,135,136],"nvd","osv_pypi",[138,139,140,141],"X Refsource CONFIRM","Exploit","Vendor Advisory","WEB",{"url":143,"sources":144,"tags":145},"https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md",[130,135,136],[146,147,141],"X Refsource MISC","Product",{"url":149,"sources":150,"tags":151},"https://minerva.crocs.fi.muni.cz/",[130,135],[146,152],"Technical Description",{"url":154,"sources":155,"tags":156},"https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/",[130,135],[146,152],{"url":158,"sources":159,"tags":160},"https://nvd.nist.gov/vuln/detail/CVE-2024-23342",[136],[161],"Advisory",{"url":163,"sources":164,"tags":165},"https://github.com/tlsfuzzer/python-ecdsa",[136],[166],"PACKAGE",{"url":168,"sources":169,"tags":170},"https://minerva.crocs.fi.muni.cz",[136],[141],{"url":172,"sources":173,"tags":174},"https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python",[136],[141],[],{"date":177,"score":126,"percentile":178},"2026-06-04",0.70478,[180,183,186,188,191,194,197,200,202,205,208,211,214,217,220,224,227,230,233,236,239,242,244,246,248,251,254,256,259,262,265,267,269,272,274,276,279,282,285,288,291,294,296,299,302,305,308,311,314,316,318,321,324,327,330,332,335,337,339,342,345,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,397,400,402,405,408,411,414,417,420,423,426,429],{"date":181,"score":126,"percentile":182},"2025-11-04",0.69251,{"date":184,"score":126,"percentile":185},"2025-11-05",0.69238,{"date":187,"score":126,"percentile":185},"2025-11-06",{"date":189,"score":126,"percentile":190},"2025-11-07",0.69249,{"date":192,"score":126,"percentile":193},"2025-11-08",0.6925,{"date":195,"score":126,"percentile":196},"2025-11-09",0.6924,{"date":198,"score":126,"percentile":199},"2025-11-10",0.69231,{"date":201,"score":126,"percentile":196},"2025-11-11",{"date":203,"score":126,"percentile":204},"2025-11-12",0.69264,{"date":206,"score":126,"percentile":207},"2025-11-13",0.6927,{"date":209,"score":126,"percentile":210},"2025-11-14",0.69279,{"date":212,"score":126,"percentile":213},"2025-11-15",0.69275,{"date":215,"score":126,"percentile":216},"2025-11-16",0.69271,{"date":218,"score":126,"percentile":219},"2025-11-17",0.69269,{"date":221,"score":222,"percentile":223},"2025-11-18",0.00935,0.74183,{"date":225,"score":222,"percentile":226},"2025-11-19",0.7419,{"date":228,"score":222,"percentile":229},"2025-11-20",0.74199,{"date":231,"score":126,"percentile":232},"2025-11-21",0.69293,{"date":234,"score":126,"percentile":235},"2025-11-22",0.69289,{"date":237,"score":126,"percentile":238},"2025-11-23",0.69278,{"date":240,"score":126,"percentile":241},"2025-11-24",0.69266,{"date":243,"score":126,"percentile":219},"2025-11-25",{"date":245,"score":126,"percentile":213},"2025-11-26",{"date":247,"score":126,"percentile":238},"2025-11-27",{"date":249,"score":126,"percentile":250},"2025-11-28",0.69267,{"date":252,"score":126,"percentile":253},"2025-11-29",0.69255,{"date":255,"score":126,"percentile":182},"2025-11-30",{"date":257,"score":126,"percentile":258},"2025-12-01",0.694,{"date":260,"score":126,"percentile":261},"2025-12-02",0.69408,{"date":263,"score":126,"percentile":264},"2025-12-03",0.69406,{"date":266,"score":126,"percentile":190},"2025-12-04",{"date":268,"score":126,"percentile":204},"2025-12-05",{"date":270,"score":126,"percentile":271},"2025-12-06",0.69268,{"date":273,"score":126,"percentile":204},"2025-12-07",{"date":275,"score":126,"percentile":271},"2025-12-08",{"date":277,"score":126,"percentile":278},"2025-12-09",0.69296,{"date":280,"score":126,"percentile":281},"2025-12-10",0.69339,{"date":283,"score":126,"percentile":284},"2025-12-11",0.69362,{"date":286,"score":126,"percentile":287},"2025-12-12",0.69388,{"date":289,"score":126,"percentile":290},"2025-12-13",0.6939,{"date":292,"score":126,"percentile":293},"2025-12-14",0.69394,{"date":295,"score":126,"percentile":290},"2025-12-15",{"date":297,"score":126,"percentile":298},"2025-12-16",0.69398,{"date":300,"score":126,"percentile":301},"2025-12-17",0.69411,{"date":303,"score":126,"percentile":304},"2025-12-18",0.69442,{"date":306,"score":126,"percentile":307},"2025-12-19",0.69459,{"date":309,"score":126,"percentile":310},"2025-12-20",0.69457,{"date":312,"score":126,"percentile":313},"2025-12-21",0.6944,{"date":315,"score":126,"percentile":304},"2025-12-22",{"date":317,"score":126,"percentile":304},"2025-12-23",{"date":319,"score":126,"percentile":320},"2025-12-24",0.69449,{"date":322,"score":126,"percentile":323},"2025-12-25",0.69476,{"date":325,"score":126,"percentile":326},"2025-12-26",0.69474,{"date":328,"score":126,"percentile":329},"2025-12-27",0.69522,{"date":331,"score":126,"percentile":320},"2025-12-28",{"date":333,"score":126,"percentile":334},"2025-12-29",0.69445,{"date":336,"score":126,"percentile":310},"2025-12-30",{"date":338,"score":126,"percentile":326},"2025-12-31",{"date":340,"score":126,"percentile":341},"2026-01-01",0.69641,{"date":343,"score":126,"percentile":344},"2026-01-02",0.69632,{"date":346,"score":126,"percentile":344},"2026-01-03",{"date":348,"score":126,"percentile":349},"2026-01-04",0.69478,{"date":351,"score":126,"percentile":352},"2026-01-05",0.69463,{"date":354,"score":126,"percentile":355},"2026-01-06",0.69473,{"date":357,"score":126,"percentile":358},"2026-01-07",0.69487,{"date":360,"score":126,"percentile":361},"2026-01-08",0.69502,{"date":363,"score":126,"percentile":364},"2026-01-09",0.69508,{"date":366,"score":126,"percentile":367},"2026-01-10",0.69507,{"date":369,"score":126,"percentile":370},"2026-01-11",0.69499,{"date":372,"score":126,"percentile":373},"2026-01-12",0.69491,{"date":375,"score":126,"percentile":376},"2026-01-13",0.6949,{"date":378,"score":126,"percentile":379},"2026-01-14",0.6952,{"date":381,"score":126,"percentile":382},"2026-01-15",0.69525,{"date":384,"score":126,"percentile":385},"2026-01-16",0.69542,{"date":387,"score":126,"percentile":388},"2026-01-17",0.69534,{"date":390,"score":126,"percentile":391},"2026-01-18",0.69521,{"date":393,"score":126,"percentile":394},"2026-01-19",0.69513,{"date":396,"score":126,"percentile":391},"2026-01-20",{"date":398,"score":126,"percentile":399},"2026-01-21",0.6953,{"date":401,"score":126,"percentile":385},"2026-01-22",{"date":403,"score":126,"percentile":404},"2026-01-23",0.69571,{"date":406,"score":126,"percentile":407},"2026-01-24",0.69577,{"date":409,"score":126,"percentile":410},"2026-01-25",0.69548,{"date":412,"score":126,"percentile":413},"2026-01-26",0.69543,{"date":415,"score":126,"percentile":416},"2026-01-27",0.69547,{"date":418,"score":126,"percentile":419},"2026-01-28",0.69558,{"date":421,"score":126,"percentile":422},"2026-01-29",0.69555,{"date":424,"score":126,"percentile":425},"2026-01-30",0.69563,{"date":427,"score":126,"percentile":428},"2026-01-31",0.69568,{"date":430,"score":126,"percentile":431},"2026-02-01",0.6971,[433,438,440],{"source":130,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":434,"cvss_v4_0":9},{"baseScore":128,"baseSeverity":435,"vectorString":131,"impactScore":436,"exploitabilityScore":437},"HIGH",8.7,5.6,{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":439,"cvss_v4_0":9},{"baseScore":128,"baseSeverity":435,"vectorString":131,"impactScore":436,"exploitabilityScore":437},{"source":136,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":441,"cvss_v4_0":9},{"baseScore":128,"baseSeverity":9,"vectorString":131,"impactScore":436,"exploitabilityScore":437},[443,452,461],{"ecosystem":444,"name":445,"vendor":444,"product":445,"cpe_part":9,"purl_type":446,"purl_namespace":9,"purl_name":445,"source":9,"versions":447},"PyPI","ecdsa","pypi",[448],{"version":449,"is_range":450,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"ecosystem":9,"name":445,"vendor":453,"product":445,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"tlsfuzzer","a",[456],{"version":457,"is_range":450,"range_type":458,"version_start":9,"version_start_type":9,"version_end":459,"version_end_type":460,"fixed_in":9},"lte0.18.0","cpe","0.18.0","including",{"ecosystem":9,"name":462,"vendor":453,"product":462,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"python-ecdsa",[464],{"version":465,"is_range":450,"range_type":130,"version_start":9,"version_start_type":9,"version_end":459,"version_end_type":460,"fixed_in":9},"\u003C= 0.18.0"]