Lucene search
+L

9 matches found

osv
osv
added 2026/03/23 6:30 a.m.6 views

GHSA-8QWJ-4JXW-M8JW jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References6
nvd
nvd
added 2026/03/23 6:16 a.m.5 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS0.00496EPSS
Exploits1References15
vulnrichment
vulnrichment
added 2026/03/23 5:0 a.m.4 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References5
cve
cve
added 2026/03/23 5:0 a.m.30 views

CVE-2026-4602

CVE-2026-4602 affects the npm package jsrsasign prior to 11.1.1. The root cause is incorrect conversion between numeric types due to handling negative exponents in ext/jsbn2.js, which can cause modPow with a negative exponent and lead to incorrect modular inverses and broken signature verificatio...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References15Affected Software1
cvelist
cvelist
added 2026/03/23 5:0 a.m.30 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS0.00496EPSS
Exploits1References5
osv
osv
added 2026/03/23 5:0 a.m.7 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References17
ptsecurity
ptsecurity
added 2026/03/23 12:0 a.m.14 views

PT-2026-27058

Name of the Vulnerable Software and Affected Versions jsrsasign versions prior to 11.1.1 Description Incorrect Conversion between Numeric Types occurs due to the handling of negative exponents in the file ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References25
snyk
snyk
added 2026/02/21 2:3 a.m.5 views

Incorrect Conversion between Numeric Types

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverse...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References2
snyk
snyk
added 2026/02/21 2:3 a.m.5 views

Incorrect Conversion between Numeric Types

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References2
Rows per page
Query Builder