CVE-2022-25898

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*

Information

Published : 2022-07-01 13:15

Updated : 2022-07-13 12:01


NVD link : CVE-2022-25898

Mitre link : CVE-2022-25898


JSON object : View

CWE
CWE-347

Improper Verification of Cryptographic Signature

Advertisement

dedicated server usa

Products Affected

jsrsasign_project

  • jsrsasign