Critical Vulnerability - Improper Verification of Cryptographic Signature

[BartusZak]

https://cwe.mitre.org/data/definitions/347.html

Introduced through
node-polyfill-webpack-plugin@4.0.0
Fixed in
elliptic@6.5.7

[BartusZak]

elliptic@6.5.7 is vulnerable as well

indutny/elliptic#331

https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303

[maplion]

Still seeing the vulnerability in elliptic@6.6.1 used in jwk-to-pem@2.0.7

https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303

[d4kris]

Would it be possible to bump elliptic to 6.6.1 and ppkdf2 to 3.1.3 to get rid of these critical dependencies?