Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/23 7:3 a.m.6 views

CVE-2026-4601

A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm DSA signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an...

9.4CVSS5.6AI score0.003EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2026/03/23 6:30 a.m.7 views

@1auth/authn-webauthn (>=0.0.0-alpha.0 <=0.0.0-alpha.3), @agentic/stdlib (>=7.4.0 <=7.6.9) +785 more potentially affected by CVE-2026-4601 via jsrsasign (>=0.0.3 <=11.1.0)

jsrsasign NPM version =0.0.3, =0.0.0-alpha.0, =7.4.0, =7.4.0, =6.0.0, =1.0.0-1.0.1.0, =1.0.0-1.0.1.0, =0.0.3-alpha.0, =2.0.0, =2.7.1, =6.0.0, =6.0.0, =0.1.0, =1.0.0, =5.0.0-3998.0 and more Source cves: CVE-2026-4601 Source advisory: OSV:GHSA-W8Q8-93CX-6H7R...

9.4CVSS5.7AI score0.003EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/23 5:0 a.m.36 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4CVSS0.003EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/02/16 5:2 a.m.8 views

org.webjars.npm:jsrsasign-util (=1.0.5) potentially affected by CVE-2026-4601 via org.webjars.npm:jsrsasign (=11.1.0)

org.webjars.npm:jsrsasign MAVEN version =11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsrsasign and may be impacted: - org.webjars.npm:jsrsasign-util =1.0.5 Source cves: CVE-2026-4601 Source advisory:...

9.4CVSS5.8AI score0.003EPSS
Exploits1
Rows per page
Query Builder