The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token/Key in pure JavaScript.
Public page is https://kjur.github.io/jsrsasign .
Your bugfix and pull request contribution are always welcomed :)
| published | fixed version | title/advisory | CVE | CVSS |
|---|---|---|---|---|
| 2020Jun22 | 8.0.19 | ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding | CVE-2020-14966 | 5.5 |
| 2020Jun22 | 8.0.18 | RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros | CVE-2020-14967 | 4.8 |
| 2020Jun22 | 8.0.17 | RSA-PSS signature validation vulnerability by prepending zeros | CVE-2020-14968 | 4.2 |
Here is full published security advisory list.
If you like jsrsasign and my other project, you can support their development by donation through any of the platform/services below. Thank you as always.
You can sponsor jsrsasign with the GitHub Sponsors program.
You can donate cryptocurrency to jsrsasign using the following addresses:
- Bitcoin(BTC): 34vSRe7XHoMy78HKgps9YJ5BrBLYJLeM22
- Ethereum(ETH): 0x9c4cdbb531e5b84796ff5f91a9f652704761e64e
- Litecoin(LTC): LPf3VDJVamwPcNJNjjVtrUQuJQ17ZyWzeU
- Bitcoin Cash(BCH): bitcoincash:pq3hy08pc9vm57q6ddgsc06cqdffmfzwwqxd9yejyf