jsrsasign uses an incorrect signature validation. It is possible because its RSASSA-PSS (RSA-PSS) implementation has a flaw which accepts manipulated/modified signatures as valid signatures by prepending ‘\0’ bytes to a signature and also allows an attacker to send multiple valid signatures to corrupt memory.
github.com/kjur/jsrsasign/commit/3bcc088c727658d7235854cd2a409a904cc2ce99
github.com/kjur/jsrsasign/issues/438
github.com/kjur/jsrsasign/releases/tag/8.0.17
github.com/kjur/jsrsasign/releases/tag/8.0.18
kjur.github.io/jsrsasign/
security.netapp.com/advisory/ntap-20200724-0001/
www.npmjs.com/package/jsrsasign