CPE-679B7E28-1D6B-4805-88B7-D1FB9D765F70 Detail

CPE Details

jsrsasign Project jsrsasign 3.0.5 for Node.js

Vendor

jsrsasign_project

Product

jsrsasign

Version

3.0.5

Created

2020-06-25
16h42 +00:00

Modified

2020-06-25
16h42 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:jsrsasign_project:jsrsasign:3.0.5:::::node.js::

Informations

Vendor

jsrsasign_project

Product

jsrsasign

Version

3.0.5

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-21484	2024-01-22 05h00 +00:00	Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.	7.5	High
CVE-2021-30246	2021-04-07 18h11 +00:00	In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.	9.1	Critical
CVE-2020-14966	2020-06-22 09h20 +00:00	An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.	7.5	High
CVE-2020-14968	2020-06-22 09h19 +00:00	An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.	9.8	Critical
CVE-2020-14967	2020-06-22 09h19 +00:00	An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.	9.8	Critical

jsrsasign Project jsrsasign 3.0.5 for Node.js

CPE Details

CPE Name: cpe:2.3:a:jsrsasign_project:jsrsasign:3.0.5:*:*:*:*:node.js:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:jsrsasign_project:jsrsasign:3.0.5:::::node.js::