--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: overseerr/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |

Expand...

A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.allowPrivilegeEscalation' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |

Expand...

Enforcing CPU limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.limits.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |

Expand...

When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.requests.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015

| | Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |

Expand...

When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.requests.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016

Expand...

Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.privileged' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017

| | Kubernetes Security Check | KSV018 | Memory not limited | LOW |

Expand...

Enforcing memory limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'resources.limits.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-overseerr' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-overseerr' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

HostPath volumes must be forbidden.

Deployment 'RELEASE-NAME-overseerr' should not set 'spec.template.volumes.hostPath'

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023

| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |

Expand...

Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-overseerr' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029

| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c tccr.io/truecharts/overseerr:v1.28.0@sha256:50cd1bf4ba1fcc5a0fd040ff6a529557470e5c2d1dc5e6d40f144b40ca1607a0 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/

| | busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1

| | busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |

Expand...

| | ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |

Expand...

| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |

Expand...

| #### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |

Expand...

| | busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |

Expand...

| | ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |

Expand...

| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |

Expand...

| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |

Expand...

| #### Container: tccr.io/truecharts/overseerr:v1.28.0@sha256:50cd1bf4ba1fcc5a0fd040ff6a529557470e5c2d1dc5e6d40f144b40ca1607a0 (alpine 3.14.3) **alpine** | No Vulnerabilities found | |:---------------------------------| **node-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 5.0.1, 6.0.1 |

Expand...

https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807

| | ansi-regex | CVE-2021-3807 | HIGH | 4.1.0 | 5.0.1, 6.0.1 |

Expand...

| | ansi-regex | CVE-2021-3807 | HIGH | 5.0.0 | 5.0.1, 6.0.1 |

Expand...

| | color-string | CVE-2021-29060 | MEDIUM | 1.5.3 | 1.5.5 |

Expand...

https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
https://github.com/Qix-/color-string/releases/tag/1.5.5
https://github.com/advisories/GHSA-257v-vj4p-3w2h
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
https://github.com/yetingli/SaveResults/blob/main/js/color-string.js
https://nvd.nist.gov/vuln/detail/CVE-2021-29060
https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939
https://www.npmjs.com/package/color-string

| | elliptic | CVE-2020-28498 | MEDIUM | 6.5.3 | 6.5.4 |

Expand...

https://github.com/advisories/GHSA-r9p9-mrjm-926w
https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
https://github.com/indutny/elliptic/pull/244/commits
https://nvd.nist.gov/vuln/detail/CVE-2020-28498
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836
https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899
https://www.npmjs.com/package/elliptic