jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass
High severity
GitHub Reviewed
Published
Mar 23, 2026
to the GitHub Advisory Database
•
Updated Mar 30, 2026
Description
Published by the National Vulnerability Database
Mar 23, 2026
Published to the GitHub Advisory Database
Mar 23, 2026
Reviewed
Mar 30, 2026
Last updated
Mar 30, 2026
Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.
References