RSA signature validation vulnerability on maleable encoded message in jsrsasign

Severity:: High

Description

Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding. Decoded RSA signature value consists following form: 01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo] Its byte length must be the same as RSA key length, however such checking was not sufficient.

To make crafted message for practical attack is very hard.

Recommendation

Update the jsrsasign package to the latest compatible version. Followings are version details:

Affected version(s): < 10.2.0
Patched version(s): 10.2.0

References

GHSA-27fj-mc8w-j9wg
kjur.github.io
CVE-2021-30246
CWE-347
CAPEC-310
OWASP 2021-A2
OWASP 2021-A6

Related Issues

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS - CVE-2025-59837
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF - CVE-2024-4367
create-choo-app3 is vulnerable to Command Injection via the devInstall function - CVE-2022-25855
Vue I18n Allows Prototype Pollution in `handleFlatJson` (GHSA-p2ph-7g93-hw3m) 5 - CVE-2025-27597

Tags:: npm; jsrsasign

Anything's wrong? Let us know Last updated on September 11, 2023