snyk-playground / demo_actions

0 stars 0 forks source link

Medium severity - Cryptographic Weakness vulnerability in jsrsasign (frontend/package.json) #1

Closed github-actions[bot] closed 2 years ago

github-actions[bot] commented 2 years ago

Package Manager: npm
Vulnerable module: jsrsasign
Introduced through: ts-link-akta@0.2.0, node-opcua@0.2.3 and others
Detailed paths
Introduced through: ts-link-akta@0.2.0 › node-opcua@0.2.3 › node-opcua-address-space@0.2.3 › node-opcua-common@0.2.3 › node-opcua-crypto@0.0.16 › jsrsasign@8.0.24
Overview

jsrsasign is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.

Remediation

Upgrade jsrsasign to version 10.1.13 or higher.

References

GitHub Issue
GitHub Release
SNYK-JS-JSRSASIGN-1244072
(CVE-2021-30246) jsrsasign@8.0.24

github-actions[bot] commented 2 years ago

Closed by snyk_sarif_to_gh_issues