VYPR

npm package

browserify-sign

pkg:npm/browserify-sign

Vulnerabilities (1)

  • CVE-2023-46234Oct 26, 2023
    affected >= 2.6.0, < 4.2.2fixed 4.2.2

    browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successful