npm package
jsrsasign
pkg:npm/jsrsasign
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4603 | Med | 5.9 | < 11.1.1 | 11.1.1 | Mar 23, 2026 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) | |
| CVE-2026-4601 | Hig | 8.7 | < 11.1.1 | 11.1.1 | Mar 23, 2026 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invali | |
| CVE-2026-4600 | Hig | 7.4 | < 11.1.1 | 11.1.1 | Mar 23, 2026 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signat | |
| CVE-2026-4599 | — | >= 7.0.0, < 11.1.1 | 11.1.1 | Mar 23, 2026 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting t | ||
| CVE-2026-4598 | — | < 11.1.1 | 11.1.1 | Mar 23, 2026 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such cra | ||
| CVE-2026-4602 | — | < 11.1.1 | 11.1.1 | Mar 23, 2026 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow | ||
| CVE-2024-21484 | — | < 11.0.0 | 11.0.0 | Jan 22, 2024 | Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have acce | ||
| CVE-2022-25898 | — | >= 4.8.0, < 10.5.25 | 10.5.25 | Jul 1, 2022 | The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT sign | ||
| CVE-2021-30246 | — | < 10.2.0 | 10.2.0 | Apr 7, 2021 | In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack. | ||
| CVE-2020-14966 | — | >= 4.0.0, < 8.0.19 | 8.0.19 | Jun 22, 2020 | An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. T | ||
| CVE-2020-14968 | — | >= 3.0.0, < 8.0.17 | 8.0.17 | Jun 22, 2020 | An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse t | ||
| CVE-2020-14967 | — | < 8.0.18 | 8.0.18 | Jun 22, 2020 | An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend the |
- affected < 11.1.1fixed 11.1.1
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption)
- affected < 11.1.1fixed 11.1.1
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invali
- affected < 11.1.1fixed 11.1.1
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signat
- CVE-2026-4599Mar 23, 2026affected >= 7.0.0, < 11.1.1fixed 11.1.1
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting t
- CVE-2026-4598Mar 23, 2026affected < 11.1.1fixed 11.1.1
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such cra
- CVE-2026-4602Mar 23, 2026affected < 11.1.1fixed 11.1.1
Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow
- CVE-2024-21484Jan 22, 2024affected < 11.0.0fixed 11.0.0
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have acce
- CVE-2022-25898Jul 1, 2022affected >= 4.8.0, < 10.5.25fixed 10.5.25
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT sign
- CVE-2021-30246Apr 7, 2021affected < 10.2.0fixed 10.2.0
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
- CVE-2020-14966Jun 22, 2020affected >= 4.0.0, < 8.0.19fixed 8.0.19
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. T
- CVE-2020-14968Jun 22, 2020affected >= 3.0.0, < 8.0.17fixed 8.0.17
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse t
- CVE-2020-14967Jun 22, 2020affected < 8.0.18fixed 8.0.18
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend the