Kjur Jsrsasign

12 CVEs affecting Kjur Jsrsasign. Latest disclosed: 2026-03-23. Critical: 4, High: 7.

Top CVEs affecting Kjur Jsrsasign
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-14968 | Critical | 9.8 | 2020-06-22 | An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modi… |
| CVE-2020-14967 | Critical | 9.8 | 2020-06-22 | An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modificatio… |
| CVE-2026-4599 | Critical | 9.1 | 2026-03-23 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMa… |
| CVE-2021-30246 | Critical | 9.1 | 2021-04-07 | In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known pr… |
| CVE-2026-4601 | High | 8.7 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA sig… |
| CVE-2022-25898 | High | 7.7 | 2022-07-01 | The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding s… |
| CVE-2026-4602 | High | 7.5 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js… |
| CVE-2026-4598 | High | 7.5 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse im… |
| CVE-2024-21484 | High | 7.5 | 2024-01-22 | Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can dec… |
| CVE-2020-14966 | High | 7.5 | 2020-06-22 | An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the leng… |
| CVE-2026-4600 | High | 7.4 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in K… |
| CVE-2026-4603 | Medium | 5.9 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigIntege… |