org.webjars.npm:sm-crypto 0.3.12

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:sm-crypto package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Verification of Cryptographic Signature org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. How to fix Improper Verification of Cryptographic Signature? A fix was pushed into the `master` branch but not yet published.	[0,)
H Improper Verification of Cryptographic Signature org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the `SM2 signature verification` process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature. How to fix Improper Verification of Cryptographic Signature? A fix was pushed into the `master` branch but not yet published.	[0,)
C Insufficient Verification of Data Authenticity org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the SM2 decryption logic. An attacker can recover sensitive private key material by repeatedly interacting with the decryption interface. How to fix Insufficient Verification of Data Authenticity? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Improper Verification of Cryptographic Signature

org.webjars.npm:sm-crypto is a sm-crypto

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys.

How to fix Improper Verification of Cryptographic Signature?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Verification of Cryptographic Signature

org.webjars.npm:sm-crypto is a sm-crypto

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature.

How to fix Improper Verification of Cryptographic Signature?

A fix was pushed into the master branch but not yet published.

[0,)

Insufficient Verification of Data Authenticity

org.webjars.npm:sm-crypto is a sm-crypto

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the SM2 decryption logic. An attacker can recover sensitive private key material by repeatedly interacting with the decryption interface.

How to fix Insufficient Verification of Data Authenticity?

A fix was pushed into the master branch but not yet published.

[0,)

org.webjars.npm:sm-crypto@0.3.12

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically