VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-35d9-a9uc-63h5

Essentials
Severities (32)
References (18)
Severity details (30)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-35d9-a9uc-63h5
Aliases	CVE-2020-14966 GHSA-p8c3-7rj8-q963
Summary	ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-347	Improper Verification of Cryptographic Signature
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0028	https://api.first.org/data/v1/epss?cve=CVE-2020-14966
epss	0.0028	https://api.first.org/data/v1/epss?cve=CVE-2020-14966
cvssv3.1	7.5	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
generic_textual	HIGH	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-p8c3-7rj8-q963
cvssv3.1	7.5	https://github.com/kjur/jsrsasign
generic_textual	HIGH	https://github.com/kjur/jsrsasign
cvssv3.1	7.5	https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f
generic_textual	HIGH	https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f
cvssv3.1	7.5	https://github.com/kjur/jsrsasign/issues/437
generic_textual	HIGH	https://github.com/kjur/jsrsasign/issues/437
cvssv3.1	7.5	https://github.com/kjur/jsrsasign/releases/tag/8.0.17
generic_textual	HIGH	https://github.com/kjur/jsrsasign/releases/tag/8.0.17
cvssv3.1	7.5	https://github.com/kjur/jsrsasign/releases/tag/8.0.18
generic_textual	HIGH	https://github.com/kjur/jsrsasign/releases/tag/8.0.18
cvssv3.1	7.5	https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963
cvssv3.1_qr	HIGH	https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963
generic_textual	HIGH	https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963
cvssv3.1	7.5	https://kjur.github.io/jsrsasign
generic_textual	HIGH	https://kjur.github.io/jsrsasign
cvssv3.1	7.5	https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
generic_textual	HIGH	https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
cvssv3.1	7.5	https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
generic_textual	HIGH	https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2020-14966
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-14966
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20200724-0001
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20200724-0001
cvssv3.1	7.5	https://vuldb.com/?id.157123
generic_textual	HIGH	https://vuldb.com/?id.157123
cvssv3.1	7.5	https://www.npmjs.com/package/jsrsasign
generic_textual	HIGH	https://www.npmjs.com/package/jsrsasign

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2020-14966
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
		https://github.com/kjur/jsrsasign
		https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f
		https://github.com/kjur/jsrsasign/issues/437
		https://github.com/kjur/jsrsasign/releases/tag/8.0.17
		https://github.com/kjur/jsrsasign/releases/tag/8.0.18
		https://kjur.github.io/jsrsasign
		https://kjur.github.io/jsrsasign/
		https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
		https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
		https://security.netapp.com/advisory/ntap-20200724-0001
		https://security.netapp.com/advisory/ntap-20200724-0001/
		https://vuldb.com/?id.157123
		https://www.npmjs.com/package/jsrsasign
CVE-2020-14966		https://nvd.nist.gov/vuln/detail/CVE-2020-14966
GHSA-p8c3-7rj8-q963		https://github.com/advisories/GHSA-p8c3-7rj8-q963
GHSA-p8c3-7rj8-q963		https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/kjur/jsrsasign

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/kjur/jsrsasign/commit/6087412d072a57074d3c4c1b40bdde0460d53a7f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/kjur/jsrsasign/issues/437

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/kjur/jsrsasign/releases/tag/8.0.17

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/kjur/jsrsasign/releases/tag/8.0.18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://kjur.github.io/jsrsasign

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14966

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20200724-0001

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://vuldb.com/?id.157123

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.npmjs.com/package/jsrsasign

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.51672
EPSS Score	0.0028
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:26:18.492965+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-p8c3-7rj8-q963	38.6.0