mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
963 B
963 B
CVE-2021-30246
Description
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/KarthickSivalingam/jsrsasign-github
- https://github.com/coachaac/jsrsasign-npm
- https://github.com/diotoborg/laudantium-itaque-esse
- https://github.com/f1stnpm2/nobis-minima-odio
- https://github.com/firanorg/et-non-error
- https://github.com/kjur/jsrsasign
- https://github.com/zibuthe7j11/repellat-sapiente-quas