NVD Vulnerability Details: CVE-2022-25898
Analyzed
Source: report@snyk.io
Published At: 01 Jul, 2022 | 20:15
Updated At: 13 Jul, 2022 | 19:01

Versions of the package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing non-Base64URL special characters or number-escaped characters may be mistakenly accepted as valid. Workaround: check that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method.
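The workaround described above, sketched as an added example (not code from jsrsasign or from this advisory): a strict format check that rejects any compact JWS/JWT whose three parts are not pure Base64URL before the verifier is called. The names checkCompactJws and guardedVerify, the verifyFn callback and the sample token are assumptions made for illustration.

```javascript
// Added example (not jsrsasign code): strict pre-check for a compact JWS/JWT
// before it is handed to a signature verifier.
const B64URL = /^[A-Za-z0-9_-]+$/; // Base64URL alphabet only, no '=' padding

// Constructed sample token; the signature part is a placeholder, not a real MAC.
const SAMPLE = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhIn0.c2lnbmF0dXJl";

// Returns { ok: true } or { ok: false, reason } for a compact serialization.
function checkCompactJws(token) {
  if (typeof token !== "string") return { ok: false, reason: "not a string" };
  const parts = token.split(".");
  if (parts.length !== 3) {
    return { ok: false, reason: "expected 3 dot-separated parts" };
  }
  const names = ["header", "payload", "signature"];
  for (let i = 0; i < parts.length; i++) {
    if (!B64URL.test(parts[i])) {
      return { ok: false, reason: names[i] + " is empty or not Base64URL" };
    }
    // An unpadded Base64URL string can never have a length of 4n + 1.
    if (parts[i].length % 4 === 1) {
      return { ok: false, reason: names[i] + " has an impossible length" };
    }
  }
  return { ok: true };
}

// verifyFn is a hypothetical callback wrapping the real verifier, for example
// (t) => KJUR.jws.JWS.verify(t, key, acceptAlgs) in an application.
function guardedVerify(token, verifyFn) {
  if (!checkCompactJws(token).ok) return false; // reject before any crypto call
  return verifyFn(token) === true;
}
```

The check runs on the raw string exactly as received; trimming or decoding the token first would defeat it.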

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

jsrsasign_project >> jsrsasign >> Versions from 4.8.0 (inclusive) to 10.5.25 (exclusive)
cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:node.js:*:*
Weaknesses
CWE ID: CWE-347
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
Source: report@snyk.io
Resource: Patch, Third Party Advisory

Hyperlink: https://github.com/kjur/jsrsasign/releases/tag/10.5.25
Source: report@snyk.io
Resource: Release Notes, Third Party Advisory

Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
Source: report@snyk.io
Resource: Exploit, Patch, Third Party Advisory

Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
Source: report@snyk.io
Resource: Exploit, Patch, Third Party Advisory

Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
Source: report@snyk.io
Resource: Exploit, Patch, Third Party Advisory

Hyperlink: https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
Source: report@snyk.io
Resource: Exploit, Patch, Third Party Advisory