Package Name: jsrsasign
Package Version: ['8.0.24']
Package Manager: npm
Target File: package.json
Severity Level: medium
Snyk ID: SNYK-JS-JSRSASIGN-1244072
Snyk CVE: CVE-2021-30246
Snyk CWE: CWE-521
Link to issue in Snyk: https://app.snyk.io/org/cse_snyk-playground/project/3af44f44-d085-4709-afa8-a4bc1c966aa1
Snyk Description: ## Overview
jsrsasign is a free pure JavaScript cryptographic library.
Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.
Remediation
Upgrade jsrsasign to version 10.1.13 or higher.
References
Package Name: jsrsasign
Package Version: ['8.0.24']
Package Manager: npm
Target File: package.json
Severity Level: medium
Snyk ID: SNYK-JS-JSRSASIGN-1244072
Snyk CVE: CVE-2021-30246
Snyk CWE: CWE-521
Link to issue in Snyk: https://app.snyk.io/org/cse_snyk-playground/project/3af44f44-d085-4709-afa8-a4bc1c966aa1
Snyk Description: ## Overview
jsrsasign is a free pure JavaScript cryptographic library.
Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.
Remediation
Upgrade
jsrsasignto version 10.1.13 or higher.References