{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12926?format=json","vulnerability_id":"VCID-c1d5-c1mg-7yaj","summary":"Incorrect Calculation\nA Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka \"MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.\" This affects Microsoft Research JavaScript Cryptography Library.","aliases":[{"alias":"CVE-2018-8319"},{"alias":"GHSA-qg3g-2mgh-33j8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55414?format=json","purl":"pkg:npm/msrcrypto@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/msrcrypto@1.4.1"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8319","reference_id":"","reference_type":"","scores":[{"value":"0.14817","scoring_system":"epss","scoring_elements":"0.94621","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8319"},{"reference_url":"https://www.npmjs.com/advisories/1112","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/1112"},{"reference_url":"http://www.securityfocus.com/bid/104655","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104655"},{"reference_url":"http://www.securitytracker.com/id/1041268","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8319","reference_id":"CVE-2018-8319","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8319"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319","reference_id":"CVE-2018-8319","reference_type":"","scores":[],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319"},{"reference_url":"https://github.com/advisories/GHSA-qg3g-2mgh-33j8","reference_id":"GHSA-qg3g-2mgh-33j8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qg3g-2mgh-33j8"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":682,"name":"Incorrect Calculation","description":"The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1d5-c1mg-7yaj"}