{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/node.js/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["denial-of-service","javascript","node.js","jsrsasign","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe jsrsasign library, a popular JavaScript library for implementing cryptography standards, is susceptible to a denial-of-service vulnerability. Specifically, versions prior to 11.1.1 are vulnerable to CVE-2026-4598, where the \u003ccode\u003ebnModInverse\u003c/code\u003e function within \u003ccode\u003eext/jsbn2.js\u003c/code\u003e can enter an infinite loop when processing zero or negative inputs to the \u003ccode\u003eBigInteger.modInverse\u003c/code\u003e function. An attacker can exploit this by providing maliciously crafted values (e.g., \u003ccode\u003emodInverse(0, m)\u003c/code\u003e or `modInverse(-1…\u003c/p\u003e\n","date_modified":"2026-03-23T06:16:21Z","date_published":"2026-03-23T06:16:21Z","id":"/briefs/2026-03-jsrsasign-infinite-loop/","summary":"Jsrsasign versions before 11.1.1 are vulnerable to an infinite loop via the bnModInverse function when processing zero or negative inputs, potentially leading to a denial of service.","title":"Jsrsasign Infinite Loop Vulnerability (CVE-2026-4598)","url":"https://feed.craftedsignal.io/briefs/2026-03-jsrsasign-infinite-loop/"}],"language":"en","title":"CraftedSignal Threat Feed — Node.js","version":"https://jsonfeed.org/version/1.1"}