CVE-2020-14968
jsrsasign RSASSA-PSS Signature Manipulation Vulnerability
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability exists in the jsrsasign Node.js package that allows an attacker to prepend null bytes to digital signatures, causing them to be accepted as valid. This manipulation could lead to unauthorized actions or system instability, and there is a possibility of memory corruption.