CVEs-PoC/2021/CVE-2021-30246.md

### [CVE-2021-30246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30246)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/KarthickSivalingam/jsrsasign-github
- https://github.com/coachaac/jsrsasign-npm
- https://github.com/diotoborg/laudantium-itaque-esse
- https://github.com/f1stnpm2/nobis-minima-odio
- https://github.com/firanorg/et-non-error
- https://github.com/kjur/jsrsasign
- https://github.com/zibuthe7j11/repellat-sapiente-quas