Node.js — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/node.js/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 06:16:21 +0000Jsrsasign Infinite Loop Vulnerability (CVE-2026-4598)https://feed.craftedsignal.io/briefs/2026-03-jsrsasign-infinite-loop/Mon, 23 Mar 2026 06:16:21 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-jsrsasign-infinite-loop/Jsrsasign versions before 11.1.1 are vulnerable to an infinite loop via the bnModInverse function when processing zero or negative inputs, potentially leading to a denial of service.The jsrsasign library, a popular JavaScript library for implementing cryptography standards, is susceptible to a denial-of-service vulnerability. Specifically, versions prior to 11.1.1 are vulnerable to CVE-2026-4598, where the bnModInverse function within ext/jsbn2.js can enter an infinite loop when processing zero or negative inputs to the BigInteger.modInverse function. An attacker can exploit this by providing maliciously crafted values (e.g., modInverse(0, m) or `modInverse(-1…

]]>highadvisorydenial-of-servicejavascriptnode.jsjsrsasignvulnerability