Critical severityNVD Advisory· Published Apr 7, 2021· Updated Aug 3, 2024
CVE-2021-30246
CVE-2021-30246
Description
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jsrsasignnpm | < 10.2.0 | 10.2.0 |
Affected products
2- Node.js/jsrsasigndescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-27fj-mc8w-j9wgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-30246ghsaADVISORY
- github.com/kjur/jsrsasign/issues/478ghsax_refsource_MISCWEB
- github.com/kjur/jsrsasign/releases/tag/10.1.13ghsax_refsource_MISCWEB
- github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wgghsaWEB
- kjur.github.io/jsrsasignghsaWEB
- kjur.github.io/jsrsasign/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.