The cggmp21 issue concerns a missing check in the ZK proof; it enables an attack in which a single malicious signer can reconstruct the full private key.
cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check.
cggmp24 v0.7.0-alpha.2 contains many other security checks as a precaution. Follow the migration guideline to upgrade.
Update to cggmp21 v0.6.3, a minor release that contains a minimal security patch.
However, for full mitigation, users will need to upgrade to cggmp24 v0.7.0-alpha.2 as it contains many more security check implementations.
Read this blog post to learn more.
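An added example (not code from the cggmp21 project or from this advisory): a small Cargo.lock audit that classifies each cggmp21/cggmp24 entry against the versions named above. It assumes the crates appear in the lockfile under those exact names; the status labels and the sample lockfile are constructed for illustration.

```python
import re

# Version thresholds come from the advisory text; crate names are assumed
# to appear in Cargo.lock exactly as the advisory spells them.
THRESHOLDS = {"cggmp21": "0.6.3", "cggmp24": "0.7.0-alpha.2"}

def version_key(v):
    """Sortable key for x.y.z[-pre]; a pre-release sorts below its release."""
    core, _, pre = v.split("+")[0].partition("-")
    nums = tuple(int(p) for p in core.split("."))
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in pre.split(".")) if pre else ()
    return (nums, 0 if pre else 1, ids)

def packages(lock_text):
    """Yield (name, version) for every [[package]] entry in Cargo.lock text."""
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and ver:
            yield name.group(1), ver.group(1)

def audit(lock_text):
    """Return (crate, version, status) for each cggmp21/cggmp24 entry."""
    findings = []
    for name, ver in packages(lock_text):
        if name not in THRESHOLDS:
            continue
        patched = version_key(ver) >= version_key(THRESHOLDS[name])
        if name == "cggmp21":
            # 0.6.3 carries only the minimal patch, not the full mitigation.
            status = "minimal-patch" if patched else "missing-check"
        else:
            status = "full-mitigation" if patched else "below-advised-version"
        findings.append((name, ver, status))
    return findings

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = '''
[[package]]
name = "cggmp21"
version = "0.6.2"

[[package]]
name = "cggmp24"
version = "0.7.0-alpha.2"
'''

if __name__ == "__main__":
    for crate, ver, status in audit(SAMPLE_LOCK):
        print(f"{crate} {ver}: {status}")
```

Pass the contents of a project's Cargo.lock to `audit()`; any `missing-check` entry is a build that still resolves a cggmp21 release older than v0.6.3.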
Patched versions: cggmp21 0.6.3, cggmp24 0.7.0-alpha.2
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N