fabric-network@2.2.7-snapshot.3

Vulnerabilities

1 via 1 paths

Dependencies

81

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Cryptographic Weakness

  • Vulnerable module: jsrsasign
  • Introduced through: fabric-common@2.2.7-snapshot.3

Detailed paths

  • Introduced through: fabric-network@2.2.7-snapshot.3 fabric-common@2.2.7-snapshot.3 jsrsasign@8.0.24

Overview

jsrsasign is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.

Remediation

Upgrade jsrsasign to version 10.1.13 or higher.

References