Name of the Vulnerable Software and Affected Versions ed25519-dalek versions prior to 2.0 rusty-paseto versions prior to 0.6.0

Description The issue arises from a "Double Public Key Signing Function Oracle Attack" affecting the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This vulnerability exposes an unsafe API for serializing and deserializing 64-byte keypairs that include both private and public keys, creating potential for certain attacks. Users of ed25519-dalek utilizing these serialization and deserialization functions directly could potentially be impacted.

Recommendations For ed25519-dalek versions prior to 2.0, update to version 2.0 or later. For rusty-paseto versions prior to 0.6.0, upgrade to version 0.6.0 or later. As a general best practice, ensure that key serialization and deserialization practices are secure and avoid any practices that could lead to key exposure.