Kjur Jsrsasign
12 CVEs affecting Kjur Jsrsasign. Latest disclosed: 2026-03-23. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-14968 | Critical | 9.8 | 2020-06-22 | An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modi… |
CVE-2020-14967 | Critical | 9.8 | 2020-06-22 | An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modificatio… |
CVE-2026-4599 | Critical | 9.1 | 2026-03-23 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMa… |
CVE-2021-30246 | Critical | 9.1 | 2021-04-07 | In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known pr… |
CVE-2026-4601 | High | 8.7 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA sig… |
CVE-2022-25898 | High | 7.7 | 2022-07-01 | The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding s… |
CVE-2026-4602 | High | 7.5 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js… |
CVE-2026-4598 | High | 7.5 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse im… |
CVE-2024-21484 | High | 7.5 | 2024-01-22 | Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can dec… |
CVE-2020-14966 | High | 7.5 | 2020-06-22 | An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the leng… |
CVE-2026-4600 | High | 7.4 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in K… |
CVE-2026-4603 | Medium | 5.9 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigIntege… |