Shilohshio

**Name of the Vulnerable Software and Affected Versions** In Development IL ecdh versions prior to 0.2.0 **Description** An attacker can send an invalid point, not on the curve, as the public key and obtain the derived shared secret. This issue allows an attacker to potentially exploit the system by manipulating the public key exchange process. **Recommendations** For versions prior to 0.2.0, update to version 0.2.0 or later to resolve the issue. As a temporary workaround, consider implementing additional validation on public keys to ensure they are valid points on the curve before deriving the shared secret.

**Name of the Vulnerable Software and Affected Versions** secp256k1-js versions prior to 1.1.0 **Description** The issue is related to the implementation of ECDSA in the secp256k1-js package, which lacks required `r` and `s` validation. This omission can lead to signature forgery. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.