Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/jsrsasign@10.5.23
Typenpm
Namespace
Namejsrsasign
Version10.5.23
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version11.1.1
Latest_non_vulnerable_version11.1.1
Affected_by_vulnerabilities
0
url VCID-1va4-6h3w-h7an
vulnerability_id VCID-1va4-6h3w-h7an
summary 
JWS and JWT signature validation vulnerability with special characters
### Impact

Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.

For example, even if a string of non Base64URL encoding characters such as `!@$%` or `\11` is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake.

When jsrsasign's JWS or JWT validation is used in OpenID connect or OAuth2, this vulnerability will affect to authentication or authorization.

By our internal assessment, CVSS 3.1 score will be 8.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

### Patches
Users validate JWS or JWT signatures should upgrade to 10.5.25.

### Workarounds
Validate JWS or JWT signature if it has Base64URL and dot safe string before
executing JWS.verify() or JWS.verifyJWT() method.

### ACKNOWLEDGEMENT

Thanks to Adi Malyanker and Or David for this vulnerability report. Also thanks for [Snyk security team](https://snyk.io/) for this coordination.

### References
https://github.com/kjur/jsrsasign/releases/tag/10.5.25
https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf kjur's advisories
https://github.com/advisories/GHSA-3fvg-4v2m-98jf github advisories
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify
https://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25898
reference_id
reference_type
scores
0
value 0.01775
scoring_system epss
scoring_elements 0.83038
published_at 2026-06-08T12:55:00Z
1
value 0.01775
scoring_system epss
scoring_elements 0.83046
published_at 2026-06-07T12:55:00Z
2
value 0.01775
scoring_system epss
scoring_elements 0.8305
published_at 2026-06-06T12:55:00Z
3
value 0.01775
scoring_system epss
scoring_elements 0.83023
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25898
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
4
reference_url https://github.com/kjur/jsrsasign/releases/tag/10.5.25
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/releases/tag/10.5.25
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25898
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25898
6
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
7
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
8
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
9
reference_url https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
10
reference_url https://github.com/advisories/GHSA-3fvg-4v2m-98jf
reference_id GHSA-3fvg-4v2m-98jf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3fvg-4v2m-98jf
11
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf
reference_id GHSA-3fvg-4v2m-98jf
reference_type
scores
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf
fixed_packages
0
url pkg:npm/jsrsasign@10.5.25
purl pkg:npm/jsrsasign@10.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ax2w-kcpr-rffk
1
vulnerability VCID-b7u7-uwdr-vbgs
2
vulnerability VCID-bgv2-wbuc-wqcj
3
vulnerability VCID-q2dz-12f5-zbgg
4
vulnerability VCID-qayx-46yz-d3b8
5
vulnerability VCID-r434-j4qg-r3bx
6
vulnerability VCID-sm4v-ac3f-6yha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@10.5.25
aliases CVE-2022-25898, GHSA-3fvg-4v2m-98jf, GMS-2022-2707
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1va4-6h3w-h7an
1
url VCID-ax2w-kcpr-rffk
vulnerability_id VCID-ax2w-kcpr-rffk
summary jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4599.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4599
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18225
published_at 2026-06-07T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.1826
published_at 2026-06-05T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18263
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4599
2
reference_url https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1
5
reference_url https://github.com/kjur/jsrsasign/pull/647
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://github.com/kjur/jsrsasign/pull/647
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4599
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4599
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:39:36Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450207
reference_id 2450207
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450207
9
reference_url https://github.com/advisories/GHSA-5jx8-q4cp-rhh6
reference_id GHSA-5jx8-q4cp-rhh6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jx8-q4cp-rhh6
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4599, GHSA-5jx8-q4cp-rhh6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax2w-kcpr-rffk
2
url VCID-b7u7-uwdr-vbgs
vulnerability_id VCID-b7u7-uwdr-vbgs
summary jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4601.json
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4601.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4601
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06889
published_at 2026-06-07T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06901
published_at 2026-06-05T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06905
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4601
2
reference_url https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb
5
reference_url https://github.com/kjur/jsrsasign/pull/645
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://github.com/kjur/jsrsasign/pull/645
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4601
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4601
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:P
1
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
3
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:41:01Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450209
reference_id 2450209
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450209
9
reference_url https://github.com/advisories/GHSA-w8q8-93cx-6h7r
reference_id GHSA-w8q8-93cx-6h7r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w8q8-93cx-6h7r
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4601, GHSA-w8q8-93cx-6h7r
risk_score 4.2
exploitability 0.5
weighted_severity 8.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7u7-uwdr-vbgs
3
url VCID-bgv2-wbuc-wqcj
vulnerability_id VCID-bgv2-wbuc-wqcj
summary jsrsasign: jsrsasign: Cryptographic operations impacted by division by zero via malicious JSON Web Key
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4603.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4603.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4603
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01951
published_at 2026-06-07T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01953
published_at 2026-06-05T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.0196
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4603
2
reference_url https://gist.github.com/Kr0emer/5366b7364c4fbf7e754bc377f321e9f3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://gist.github.com/Kr0emer/5366b7364c4fbf7e754bc377f321e9f3
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/dc41d49fac4297e7a737a3ef8ebd0aa9c49ef93f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://github.com/kjur/jsrsasign/commit/dc41d49fac4297e7a737a3ef8ebd0aa9c49ef93f
5
reference_url https://github.com/kjur/jsrsasign/pull/649
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://github.com/kjur/jsrsasign/pull/649
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4603
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4603
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371176
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:42:08Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371176
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450205
reference_id 2450205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450205
9
reference_url https://github.com/advisories/GHSA-464q-cqxq-xhgr
reference_id GHSA-464q-cqxq-xhgr
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-464q-cqxq-xhgr
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4603, GHSA-464q-cqxq-xhgr
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgv2-wbuc-wqcj
4
url VCID-q2dz-12f5-zbgg
vulnerability_id VCID-q2dz-12f5-zbgg
summary jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4602.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4602.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4602
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23362
published_at 2026-06-07T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23423
published_at 2026-06-05T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.2341
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4602
2
reference_url https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195
5
reference_url https://github.com/kjur/jsrsasign/pull/650
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://github.com/kjur/jsrsasign/pull/650
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4602
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4602
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:35Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450206
reference_id 2450206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450206
9
reference_url https://github.com/advisories/GHSA-8qwj-4jxw-m8jw
reference_id GHSA-8qwj-4jxw-m8jw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qwj-4jxw-m8jw
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4602, GHSA-8qwj-4jxw-m8jw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2dz-12f5-zbgg
5
url VCID-qayx-46yz-d3b8
vulnerability_id VCID-qayx-46yz-d3b8
summary jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4598.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4598.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4598
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23362
published_at 2026-06-07T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23423
published_at 2026-06-05T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.2341
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4598
2
reference_url https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323
5
reference_url https://github.com/kjur/jsrsasign/pull/648
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://github.com/kjur/jsrsasign/pull/648
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4598
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4598
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-23T14:37:02Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450210
reference_id 2450210
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450210
9
reference_url https://github.com/advisories/GHSA-8g7p-jf3g-gxcp
reference_id GHSA-8g7p-jf3g-gxcp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g7p-jf3g-gxcp
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:22840
reference_id RHSA-2026:22840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22840
14
reference_url https://access.redhat.com/errata/RHSA-2026:23361
reference_id RHSA-2026:23361
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:23361
15
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
16
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4598, GHSA-8g7p-jf3g-gxcp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qayx-46yz-d3b8
6
url VCID-r434-j4qg-r3bx
vulnerability_id VCID-r434-j4qg-r3bx
summary 
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
### Impact
RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.

### Patches
update to jsrsasign 11.0.0.

### Workarounds
Find and replace RSA and RSAOAEP decryption with other crypto library.

### References
https://people.redhat.com/~hkario/marvin/
https://github.com/kjur/jsrsasign/issues/598
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21484.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21484.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21484
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47278
published_at 2026-06-05T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47262
published_at 2026-06-07T12:55:00Z
2
value 0.0024
scoring_system epss
scoring_elements 0.4728
published_at 2026-06-06T12:55:00Z
3
value 0.0024
scoring_system epss
scoring_elements 0.47232
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21484
2
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
3
reference_url https://github.com/kjur/jsrsasign/issues/598
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://github.com/kjur/jsrsasign/issues/598
4
reference_url https://github.com/kjur/jsrsasign/releases/tag/11.0.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://github.com/kjur/jsrsasign/releases/tag/11.0.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21484
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21484
6
reference_url https://people.redhat.com/~hkario/marvin
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://people.redhat.com/~hkario/marvin
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
10
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259531
reference_id 2259531
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259531
12
reference_url https://github.com/advisories/GHSA-rh63-9qcf-83gf
reference_id GHSA-rh63-9qcf-83gf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rh63-9qcf-83gf
13
reference_url https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
reference_id GHSA-rh63-9qcf-83gf
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
14
reference_url https://people.redhat.com/~hkario/marvin/
reference_id marvin
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/
url https://people.redhat.com/~hkario/marvin/
fixed_packages
0
url pkg:npm/jsrsasign@11.0.0
purl pkg:npm/jsrsasign@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ax2w-kcpr-rffk
1
vulnerability VCID-b7u7-uwdr-vbgs
2
vulnerability VCID-bgv2-wbuc-wqcj
3
vulnerability VCID-q2dz-12f5-zbgg
4
vulnerability VCID-qayx-46yz-d3b8
5
vulnerability VCID-sm4v-ac3f-6yha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.0.0
aliases CVE-2024-21484, GHSA-rh63-9qcf-83gf, GMS-2024-46
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r434-j4qg-r3bx
7
url VCID-sm4v-ac3f-6yha
vulnerability_id VCID-sm4v-ac3f-6yha
summary jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4600.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4600.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4600
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01299
published_at 2026-06-07T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01294
published_at 2026-06-05T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01297
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4600
2
reference_url https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7
3
reference_url https://github.com/kjur/jsrsasign
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign
4
reference_url https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60
5
reference_url https://github.com/kjur/jsrsasign/pull/646
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kjur/jsrsasign/pull/646
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4600
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4600
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450208
reference_id 2450208
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450208
9
reference_url https://github.com/advisories/GHSA-wvqx-v3f6-w8rh
reference_id GHSA-wvqx-v3f6-w8rh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wvqx-v3f6-w8rh
10
reference_url https://access.redhat.com/errata/RHSA-2026:19375
reference_id RHSA-2026:19375
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19375
11
reference_url https://access.redhat.com/errata/RHSA-2026:19409
reference_id RHSA-2026:19409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19409
12
reference_url https://access.redhat.com/errata/RHSA-2026:19410
reference_id RHSA-2026:19410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19410
13
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
14
reference_url https://access.redhat.com/errata/RHSA-2026:6720
reference_id RHSA-2026:6720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6720
15
reference_url https://access.redhat.com/errata/RHSA-2026:6912
reference_id RHSA-2026:6912
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6912
16
reference_url https://access.redhat.com/errata/RHSA-2026:6926
reference_id RHSA-2026:6926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6926
fixed_packages
0
url pkg:npm/jsrsasign@11.1.1
purl pkg:npm/jsrsasign@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@11.1.1
aliases CVE-2026-4600, GHSA-wvqx-v3f6-w8rh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sm4v-ac3f-6yha
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/jsrsasign@10.5.23