SNYK-JS-JSRSASIGN-15370938 PUBLISHED CVSS 8.7 HIGH

## Overview

[jsrsasign](https://www.npmjs.com/package/jsrsasign) is a free pure JavaScript cryptographic library.

Affected versions of this package are vulnerable to Infinite loop via the `bnModInverse` function in `ext/jsbn2.js` when the `BigInteger.modInverse` implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., `modInverse(0, m)` or `modInverse(-1, m)`).

## Remediation

Upgrade `jsrsasign` to version 11.1.1 or higher.

## References

- [GitHub Commit](https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323)
- [GitHub Gist](https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264)
- [GitHub PR](https://github.com/kjur/jsrsasign/pull/648)
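A caller-side guard for the input classes named in the Overview (zero and negative values), as an added example that is not jsrsasign's code or its fix. It uses native `BigInt` rather than the library's `BigInteger`, and `safeModInverse` and its error messages are hypothetical names chosen for illustration.

```javascript
// Added example: modular inverse that always terminates, using native BigInt.
// safeModInverse is a hypothetical helper, not part of jsrsasign.
function safeModInverse(a, m) {
  if (typeof a !== "bigint" || typeof m !== "bigint") {
    throw new TypeError("a and m must be BigInt values");
  }
  if (m <= 1n) {
    throw new RangeError("modulus must be greater than 1");
  }

  // Normalize a into [0, m) so negative inputs become their
  // canonical residue instead of reaching the Euclid loop as-is.
  let r1 = ((a % m) + m) % m;
  if (r1 === 0n) {
    throw new RangeError("no inverse: a is congruent to 0 mod m");
  }

  // Extended Euclid. The remainder r1 strictly decreases toward 0,
  // so the loop is bounded for every input that reaches it.
  let r0 = m;
  let t0 = 0n;
  let t1 = 1n;
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }

  // r0 now holds gcd(a, m); an inverse exists only when it is 1.
  if (r0 !== 1n) {
    throw new RangeError("no inverse: gcd(a, m) is not 1");
  }
  return ((t0 % m) + m) % m;
}

// Returns true when fn throws, so rejected inputs can be checked.
function rejects(fn) {
  try { fn(); } catch (e) { return true; }
  return false;
}
```

Applying the same range and zero checks to untrusted values before they reach `BigInteger.modInverse` keeps unpatched deployments out of the hanging code path until the upgrade lands.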

Risk Scores

CVSS v3.1
8.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

