4 matches found
CVE-2026-4601
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm DSA signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an...
@1auth/authn-webauthn (>=0.0.0-alpha.0 <=0.0.0-alpha.3), @agentic/stdlib (>=7.4.0 <=7.6.9) +785 more potentially affected by CVE-2026-4601 via jsrsasign (>=0.0.3 <=11.1.0)
jsrsasign NPM version =0.0.3, =0.0.0-alpha.0, =7.4.0, =7.4.0, =6.0.0, =1.0.0-1.0.1.0, =1.0.0-1.0.1.0, =0.0.3-alpha.0, =2.0.0, =2.7.1, =6.0.0, =6.0.0, =0.1.0, =1.0.0, =5.0.0-3998.0 and more Source cves: CVE-2026-4601 Source advisory: OSV:GHSA-W8Q8-93CX-6H7R...
CVE-2026-4601
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...
org.webjars.npm:jsrsasign-util (=1.0.5) potentially affected by CVE-2026-4601 via org.webjars.npm:jsrsasign (=11.1.0)
org.webjars.npm:jsrsasign MAVEN version =11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsrsasign and may be impacted: - org.webjars.npm:jsrsasign-util =1.0.5 Source cves: CVE-2026-4601 Source advisory:...