Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jsrsasign project jsrsasign vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-21484
Versions of the package jsrsasign prior to 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the malicious user to h...
Jsrsasign Project Jsrsasign
7.5
CVSSv2
CVE-2022-25898
The package jsrsasign prior to 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT si...
Jsrsasign Project Jsrsasign
5
CVSSv2
CVE-2020-14966
An issue exists in the jsrsasign package up to and including 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verifi...
Jsrsasign Project Jsrsasign
Netapp Max Data -
2 Github repositories
7.5
CVSSv2
CVE-2020-14967
An issue exists in the jsrsasign package prior to 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend...
Jsrsasign Project Jsrsasign
Netapp Max Data -
2 Github repositories
7.5
CVSSv2
CVE-2020-14968
An issue exists in the jsrsasign package prior to 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abu...
Jsrsasign Project Jsrsasign
Netapp Max Data -
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started