org.webjars.npm:jsrsasign@10.4.1 vulnerabilities

latest version

10.4.1
first published

9 years ago
latest version published

3 years ago
licenses detected
- MIT
  [5.0.1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:jsrsasign package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Observable Discrepancy org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Observable Discrepancy via the RSA PKCS#1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. How to fix Observable Discrepancy? There is no fixed version for `org.webjars.npm:jsrsasign`.	[0,)
H Improper Verification of Cryptographic Signature org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when `JWS` or `JWT` signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. How to fix Improper Verification of Cryptographic Signature? A fix was pushed into the `master` branch but not yet published.	[0,)

Observable Discrepancy

org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Observable Discrepancy via the RSA PKCS#1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.

How to fix Observable Discrepancy?

There is no fixed version for org.webjars.npm:jsrsasign.

[0,)

Improper Verification of Cryptographic Signature

org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.

How to fix Improper Verification of Cryptographic Signature?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package

org.webjars.npm:jsrsasign@10.4.1 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities