@webauthn/server@0.0.2

Vulnerabilities

1 via 1 paths

Dependencies

7

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity
new

Cryptographic Weakness

  • Vulnerable module: jsrsasign
  • Introduced through: jsrsasign@8.0.24

Detailed paths

  • Introduced through: @webauthn/server@0.0.2 jsrsasign@8.0.24
    Remediation: Upgrade to jsrsasign@10.1.13.

Overview

jsrsasign is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.

Remediation

Upgrade jsrsasign to version 10.1.13 or higher.

References