Msrc Cbl2 Reaper 3.1.1-11 On Cbl Mariner 2.0 vulnerabilities

CVE-2024-42461 [CRITICAL] CWE-347 In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because BER-encoded signatures are allowed. In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because BER-encoded signatures are allowed. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linu

CVE-2024-42460 [MEDIUM] CWE-130 In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? On

CVE-2024-42459 [MEDIUM] CWE-347 In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended. In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor