GHSA-h87q-g2wp-47pj

Suggest an improvement
Source
https://github.com/advisories/GHSA-h87q-g2wp-47pj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-h87q-g2wp-47pj/GHSA-h87q-g2wp-47pj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h87q-g2wp-47pj
Published
2022-02-09T22:41:19Z
Modified
2022-02-15T01:51:57Z
Summary
Signatures are mistakenly recognized to be valid in jsrsasign
Details

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-347"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-08T20:09:58Z"
}
References

Affected packages

npm / jsrsasign

Package

Name
jsrsasign
View open source insights on deps.dev
Purl
pkg:npm/jsrsasign

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.2.0