N/A

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

N/A

N/A

jsrsasign package 数据伪造问题漏洞

jsrsasign package是日本浦岛贤治软件开发者的一款开源的加密库。 jsrsasign package 8.0.18及之前版本（Node.js）中存在安全漏洞。目前尚无此漏洞的相关信息，请随时关注CNNVD或厂商公告。

N/A

N/A