Update dependency jsrsasign to v11 [SECURITY] #426
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: amp-update-cache/package-lock.json |
renovate
bot
force-pushed
the
renovate/npm-jsrsasign-vulnerability
branch
from
664e36c to
1d3c6de
Compare
renovate
bot
changed the title
|
renovate
bot
force-pushed
the
renovate/npm-jsrsasign-vulnerability
branch
from
1d3c6de to
83a229f
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^8.0.0->^11.0.0GitHub Vulnerability Alerts
CVE-2020-14966
Impact
Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as:
This vulnerability was fixed by strict ASN.1 DER checking.
Here is an assessment of this vulnerability:
As discussed here, there is no standards like X9.62 which requires ASN.1 DER. So ASN.1 BER can be applied to ECDSA however most of implementations like OpenSSL do strict ASN.1 DER checking.
Patches
Users using ECDSA signature validation should upgrade to 8.0.19.
Workarounds
Do strict ASN.1 DER checking for ASN.1 encoded ECDSA signature value.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-14966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
https://vuldb.com/?id.157123
https://github.com/kjur/jsrsasign/issues/437
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
https://www.itu.int/rec/T-REC-X.690
GHSA-g753-jx37-7xwh
Impact
ECDSA side-channel attack named Minerava have been found and it was found that it affects to jsrsasign.
Execution time of thousands signature generation have been observed then EC private key which is scalar value may be recovered since point and scalar multiplication time depends on bits of scalar. In jsrsasign 8.0.13 or later, execution time of EC point and scalar multiplication is almost constant and fixed for the issue.
Patches
Users using ECDSA signature generation should upgrade to 8.0.13 or later.
Workarounds
There is no workarounds in jsrsasign. Update jsrsasign or use other ECDSA library.
ACKNOWLEDGEMENT
Thanks to Jan Jancar @J08nY, Petr Svenda and Vladimir Sedlacek of Masaryk University in Czech Republic to find and report this vulnerability.
References
https://minerva.crocs.fi.muni.cz/
https://www.npmjs.com/advisories/1505
https://github.com/kjur/jsrsasign/issues/411
CVE-2020-14968
Impact
Jsrsasign can verify RSA-PSS signature which value can expressed as BigInteger. When there is a valid RSA-PSS signature value, this vulnerability is also accept value with prepending zeros as a valid signature.
Patches
Users using RSA-PSS signature validation should upgrade to 8.0.17.
Workarounds
Reject RSA-PSS signatures with unnecessary prepending zeros.
References
GHSA-q3gh-5r98-j4h3
https://github.com/kjur/jsrsasign/issues/438
https://nvd.nist.gov/vuln/detail/CVE-2020-14968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14968
https://vuldb.com/?id.157125
https://kjur.github.io/jsrsasign/api/symbols/RSAKey.html#.verifyWithMessageHashPSS
CVE-2020-14967
Impact
Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.
Patches
Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.
Workarounds
Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-14967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
https://vuldb.com/?id.157124
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
https://github.com/kjur/jsrsasign/issues/439
CVE-2021-30246
Impact
Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding.
Decoded RSA signature value consists following form:
01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo]Its byte length must be the same as RSA key length, however such checking was not sufficient.
To make crafted message for practical attack is very hard.
Patches
Users validating RSA signature should upgrade to 10.2.0 or later.
Workarounds
There is no workaround. Not to use RSA signature validation in jsrsasign.
ACKNOWLEDGEMENT
Thanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.
GHSA-h87q-g2wp-47pj
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
CVE-2022-25898
Impact
Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.
For example, even if a string of non Base64URL encoding characters such as
!@​$%or\11is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake.When jsrsasign's JWS or JWT validation is used in OpenID connect or OAuth2, this vulnerability will affect to authentication or authorization.
By our internal assessment, CVSS 3.1 score will be 8.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Patches
Users validate JWS or JWT signatures should upgrade to 10.5.25.
Workarounds
Validate JWS or JWT signature if it has Base64URL and dot safe string before
executing JWS.verify() or JWS.verifyJWT() method.
ACKNOWLEDGEMENT
Thanks to Adi Malyanker and Or David for this vulnerability report. Also thanks for Snyk security team for this coordination.
References
https://github.com/kjur/jsrsasign/releases/tag/10.5.25
GHSA-3fvg-4v2m-98jf kjur's advisories
GHSA-3fvg-4v2m-98jf github advisories
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT
https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify
https://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification
https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
CVE-2024-21484
Impact
RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.
Patches
update to jsrsasign 11.0.0.
Workarounds
Find and replace RSA and RSAOAEP decryption with other crypto library.
References
https://people.redhat.com/~hkario/marvin/
https://github.com/kjur/jsrsasign/issues/598
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484
Release Notes
kjur/jsrsasign (jsrsasign)
v11.0.0: remove RSA and RSAOAEP encryption for Marvin attackCompare Source
remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
v10.9.0: enhanced support for encrypted PKCS8Compare Source
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
psudorandom function.
priavte key.
v10.8.6: X509.getExtSubjectDirectoryAttributes another bugfixCompare Source
v10.8.5: X509.getExtSubjectDirectoryAttributes bugfixCompare Source
v10.8.4: more SubjectDirectoryExtension supportCompare Source
ExtSubjectDirectoryAttributes extension
result has unnecessary new line in the end of string.
v10.8.3: CABF SMIMEBR OID supportCompare Source
v10.8.2: RSA OAEP encryption fixCompare Source
In rare cases, it have been generated ciphertext that
could not be decrpyted.
v10.8.1: npm export missing fixCompare Source
v10.8.0: UserNotice of CertificatePolicies support and moreCompare Source
v10.7.0: custom X.509 extension support and utility functionsCompare Source
v10.6.1: Add PolicyMappings, PolicyConstraints and InhibitAnyPolicy extension supportCompare Source
PolicyMappings, PolicyConstraints and InhibitAnyPolicy
{PolicyMappings,PolicyConstraints,InhibitAnyPolicy}
{PolicyMappings,PolicyConstraints,InhibitAnyPolicy}
v10.6.0: StringPrep DN canonicalization support and some fixCompare Source
z* Changes from 10.5.27 to 10.6.0 (2022-Nov-04)
DN name (a.k.a. StringPrep).
consistency with KJUR.asn1.x509.OtherName class constructor.
v10.5.27: extend CertificationRequestInfo class for challengePassword and unstructuredNameCompare Source
v10.5.26: CSRUtil class enhancementCompare Source
v10.5.25: CVE-2022-25898 Security fix in JWS and JWT validationCompare Source
verify and verifyJWT may accept signature with special characters
or \number characters by mistake.
Please see security advisory:
GHSA-3fvg-4v2m-98jf
v10.5.24: X509.getParam bugfix for v1 certificateCompare Source
v10.5.23: BitString parsing bug fixCompare Source
namearraytobinstr, extendClass)
v10.5.22: DERBitString, KeyUsage and tsp PKIFailureInfo critical bug fixCompare Source
v10.5.21Compare Source
v10.5.20: OCSP ResponderID object udpateCompare Source
X509 object for key and name field.
v10.5.19: Time stamp package updateCompare Source
will be optional. If omitted, it will be "granted" by default.
v10.5.18: Time stamp package updateCompare Source
v10.5.17: CIDR subnet mask support in iptohex and hextoipCompare Source
v10.5.16: Add NameConstraints extension and modify getEncodedHex to tohexCompare Source
in the result.
in the result.
Please use ASN1Object.tohex() instead.
v10.5.15: X509.getExtCRLDistributionPointsURI small fixCompare Source
undefined when no CDP extension as specified in document
even though it is deprecated method.
v10.5.14: KEYUTIL.getPEM small fixCompare Source
optional public key field will be omitted in such case. (#549)
v10.5.13: RSA key private generation fixCompare Source
v10.5.12: support ISO 8859-1 TeletexString and BMPString for X500NameCompare Source
ISO 8859-1 Latin1 characters. Before this version,
only supports ASCII characters.
Add support for Teletex/BMPString and more attrTypes
v10.5.11: asn1hex updateCompare Source
v10.5.10: hextoipv6 fixCompare Source
v10.5.9: small fixCompare Source
v10.5.8: OCSP CertID and X509 class updateCompare Source
v10.5.7: X509CRL.findRevCert bugfix for empty revCertsCompare Source
v10.5.6: X509CRL.findRevCert bugfixCompare Source
v10.5.5: CRL parser updateCompare Source
v10.5.4: ASN.1 parser update and fixCompare Source
v10.5.3: add OtherName support in GeneralNameCompare Source
with small update (#535)
v10.5.2: small update for OID and JWKCompare Source
v10.5.1: add KEYUTIL.getJWK, fix EC P-521 concat signature value and add support for P-521 JWS JWKCompare Source
qunit-do-keyutil-jwk
v10.5.0: Add EC support for secp521r1 secp224r1 secp192r1Compare Source
Thank you indeed for @cplussharp 's great work.
v10.4.1: GeneralizedTime, UTCTime refactoring and some bug fixCompare Source
(will be fixed in next release while rebuild)
test case added and updated.
v10.4.0: Full support for parsing OCSP responseCompare Source
v10.3.2: fix wrong OCSPRequest for EC public key certificateCompare Source
v10.3.0: remove all YUI dependencyCompare Source
v10.2.0: CVE-2021-30246 RSAKey.verify issue fixCompare Source
v10.1.13: add non-ascii BMPString supportCompare Source
v10.1.12: fix for wrong UTF-8 encoding in distinguished name parserCompare Source
v10.1.11: update X509.getVersion and add jsrsasign-util saveFileJSONCompare Source
empty(DEFAULT =v1) and [0] {INTEGER 2} (=v3).
Thus version checking is relaxed. (#471)
v10.1.10: extend support for distinguished nameCompare Source
AttributeTypeAndValue({str: "/streetAddress=foo"})
AttributeTypeAndValue({str: "/2.5.4.9=foo"})
v10.1.9: Add SubjectDirectoryAttributes extension supportCompare Source
SubjectDirectoryAttributes
such as gender, placeOfBirth et.al. for
SubjectDirectoryAttributes.
needed to be implemented in X509.js future.
v10.1.8: KEYUTIL supports PKCS8 private key with extensionprivate key extsion and and issue #454 fixed.
v10.1.5: CAdES-T support update and fixCompare Source
parseSignedDataForAddingUnsigned will not call it.
v10.1.4: TSPParser.getPKIStatusInfo bugfixCompare Source
v10.1.3: TSPParser.getPKIStatusInfo updateCompare Source
supports PKIFreeText and PKIFailureInfo
v10.1.2: add SigningCertificateV2 for CMSParser and issue fixCompare Source
SigningCertificateV2
CMSParser.getCertificateSet
v10.1.1: CMSSignedData and TimeStamp parser bugfixCompare Source
"serial" in TSTInfo class and TSPParser.getTSTInfo
method.
CMSParser.getAttributeList to align to the name
AttributeList class.
can be accepted by AttributeList constructor.
by getSignerInfo method was fixed.
v10.1.0: add new CMSSignedData and TimeStamp parser and X500Name updateCompare Source
EContent,SignerInfos,SignerInfo,SignerIdentifier,
IssuerAndSerialNumber,AttributeArray,
Attribute,ESSCertID,IssuerSerial,CertificateSet}
SigningCertificate}
PKIStatusInfo}
because of X509.getX500Name update.
base64x,x509-ext,x509crl}.html
v10.0.5: small issue fixes and updatesCompare Source
replace new Buffer() to Buffer.from() for
Node.JS deprecation (issue #460)
v10.0.4: add methods to modify some extension parametersCompare Source
v10.0.3: add findExt method in X509 classCompare Source
v10.0.2: AdobeTimeStamp X.509v3 extension parser bugfixCompare Source
v10.0.1: AdobeTimeStamp X.509v3 certificate extension addedCompare Source
v10.0.0: Major update for CMS SigneData TimeStamp and CAdESCompare Source
to allow more simple ASN.1 generation
SignedData, Attribute
ContentType, SigningTime are also
updated.
PKIStatus, PKIFreeText, PKIFailureInfo,
TSPUtil.newTimeStampToken
SignatureTimeStamp, CompleteCertificateRefs,
OtherCertID, OtherHash
argument for explicit "tage" and implicit "tagi"
now accepts name and OID. method
setValueNameOrOid added.
X509 class constructor add support for
PEM or hex string of certificate as
argument.
OID added.
v9.1.9: wrong encoding in CRLReason in OCSP CertStatus fixedCompare Source
v9.1.8: wrong encoding in byKey of OCSP ResponderID fixedCompare Source
v9.1.7: nextUpdate encoding bugfix in ocsp SingleResponseCompare Source
v9.1.6: add OCSP response and request encoderCompare Source
isserNameHash, issuerKeyHash and serialNumber
without backward compatibility
v9.1.5: ASN1HEX getChildIdx bug for too many childrenCompare Source
proper result when too many child items
such as over 200 children.
use getTLVblen instead.
v9.1.4: X509CRL parser revokedCertificate bugfixX509CRL parser revokedCertificate bugfix
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.