@webauthn/server@0.0.2 vulnerabilities | @webauthn/server 0.0.2

Severity

Status

medium severity

new

Introduced through: @webauthn/server@0.0.2 › jsrsasign@8.0.24

Remediation: Upgrade to jsrsasign@10.1.13.

jsrsasign is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.

Upgrade jsrsasign to version 10.1.13 or higher.