漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Verification of Cryptographic Signature
Vulnerability Description
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
Vulnerability Type
N/A
Vulnerability Title
jsrsasign 数据伪造问题漏洞
Vulnerability Description
jsrsasign package是日本浦岛贤治个人开发者的一款开源的加密库。 jsrsasign 10.5.25之前版本存在安全漏洞,该漏洞源于当 JWS 或 JWT 签名具有非 Base64URL 编码的特殊字符或数字转义字符可能被错误地验证为有效时,容易受到加密签名的不正确验证。
CVSS Information
N/A
Vulnerability Type
N/A