Lucene search
K

6 matches found

Veracode
Veracode
added 2026/04/15 11:29 a.m.11 views

Missing Cryptographic Step

jsrsasign is vulnerable to Missing Cryptographic Step. The vulnerability is due to improper handling of invalid DSA signature values without retry logic, which allows an attacker to recover the private key by forcing signature parameters to predictable values...

9.4CVSS5.7AI score0.003EPSS
Exploits1References14Affected Software1
EUVD
EUVD
added 2026/03/23 6:30 a.m.10 views

EUVD-2026-14373

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

9.3CVSS5.8AI score0.00476EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/23 6:30 a.m.8 views

EUVD-2026-14375

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS5.8AI score0.00225EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/21 2:3 a.m.5 views

Division by zero

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RS...

5.9CVSS5.9AI score0.001EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/16 5:2 a.m.3 views

Missing Cryptographic Step

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by...

9.4CVSS5.9AI score0.003EPSS
Exploits1References2
OSV
OSV
added 2020/06/30 4:5 p.m.2 views

GHSA-G753-JX37-7XWH ECDSA signature vulnerability of Minerva timing attack in jsrsasign

Impact ECDSA side-channel attack named Minerava have been found and it was found that it affects to jsrsasign. Execution time of thousands signature generation have been observed then EC private key which is scalar value may be recovered since point and scalar multiplication time depends on bits ...

5.9CVSS6AI score
Exploits0References8
Rows per page
Query Builder