Search for packages
| purl | pkg:npm/jsrsasign@7.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-35d9-a9uc-63h5
Aliases: CVE-2020-14966 GHSA-p8c3-7rj8-q963 |
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign |
Affected by 9 other vulnerabilities. |
|
VCID-5r4b-t97c-gufh
Aliases: CVE-2021-30246 GHSA-27fj-mc8w-j9wg |
Affected by 7 other vulnerabilities. |
|
|
VCID-8jb1-w888-fkh1
Aliases: CVE-2026-4598 GHSA-8g7p-jf3g-gxcp |
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)). |
Affected by 0 other vulnerabilities. |
|
VCID-bzad-9z14-yugu
Aliases: CVE-2026-4600 GHSA-wvqx-v3f6-w8rh |
Affected by 0 other vulnerabilities. |
|
|
VCID-h63y-frbx-e3g6
Aliases: GHSA-h87q-g2wp-47pj GMS-2022-64 |
Signatures are mistakenly recognized to be valid in jsrsasign |
Affected by 7 other vulnerabilities. |
|
VCID-j4jj-nks5-g3dg
Aliases: CVE-2020-14968 GHSA-q3gh-5r98-j4h3 |
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign |
Affected by 11 other vulnerabilities. |
|
VCID-n5z8-jr32-e7bs
Aliases: CVE-2026-4602 GHSA-8qwj-4jxw-m8jw |
Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent. |
Affected by 0 other vulnerabilities. |
|
VCID-qzdc-ua26-quaj
Aliases: CVE-2026-4603 GHSA-464q-cqxq-xhgr |
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to deterministic zero outputs and hide “invalid key” errors by supplying a JWK whose modulus decodes to zero. |
Affected by 0 other vulnerabilities. |
|
VCID-sh96-bseb-kugd
Aliases: CVE-2026-4601 GHSA-w8q8-93cx-6h7r |
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature. |
Affected by 0 other vulnerabilities. |
|
VCID-t1vh-jvyp-vyaa
Aliases: CVE-2020-14967 GHSA-xxxq-chmp-67g4 |
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign |
Affected by 10 other vulnerabilities. |
|
VCID-t65e-dnqv-r3h2
Aliases: CVE-2026-4599 GHSA-5jx8-q4cp-rhh6 |
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation. |
Affected by 0 other vulnerabilities. |
|
VCID-uyxf-wya2-wqfy
Aliases: CVE-2024-21484 GHSA-rh63-9qcf-83gf GMS-2024-46 |
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library. |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||