Severity: Critical
CVSS Score: 5.3
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.