Количество 8
Количество 8
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
CVE-2023-46234
browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's ...
GHSA-x9w5-v3q2-3rhw
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
BDU:2024-03158
Уязвимость функции dsaVerify() пакета для дублирования криптографического функциональности Browserify-sign, позволяющая нарушителю создавать подписи, которые могут быть успешно проверены любым открытым ключом, что приводит к атаке подделки подписи
ROS-20240418-08
Множественные уязвимости opensearch-dashboards
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
 | CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
 | CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
| CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's ... | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
| GHSA-x9w5-v3q2-3rhw browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | BDU:2024-03158 Уязвимость функции dsaVerify() пакета для дублирования криптографического функциональности Browserify-sign, позволяющая нарушителю создавать подписи, которые могут быть успешно проверены любым открытым ключом, что приводит к атаке подделки подписи | CVSS3: 7.5 | 1% Низкий | около 2 лет назад |
 | ROS-20240418-08 Множественные уязвимости opensearch-dashboards | CVSS3: 7.5 | больше 1 года назад |
Уязвимостей на страницу