Closed github-actions[bot] closed 2 years ago
jsrsasign is a free pure JavaScript cryptographic library.
Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.
Upgrade jsrsasign to version 10.1.13 or higher.
jsrsasign
Closed by snyk_sarif_to_gh_issues
snyk_sarif_to_gh_issues
Detailed paths
Overview
jsrsasign is a free pure JavaScript cryptographic library.
Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.
Remediation
Upgrade
jsrsasign
to version 10.1.13 or higher.References
SNYK-JS-JSRSASIGN-1244072
(CVE-2021-30246) jsrsasign@8.0.24