CVE advisoryCRITICAL
CVE-2021-30246
jsrsasign Invalid RSA Signatures Vulnerability.
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
The jsrsasign package for Node.js incorrectly accepts some invalid RSA PKCS#1 v1.5 signatures as valid. While there is no known practical attack, this could impact the integrity of cryptographic operations if applications rely on signature validation. Organizations should identify if they use this package and assess po