{"source":1102445,"name":"browserify-sign","dependency":"browserify-sign","title":"browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack","url":"https://github.com/advisories/GHSA-x9w5-v3q2-3rhw","severity":"high","versions":["2.0.0","2.1.0","2.2.0","2.3.0","2.4.0","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.8.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.8","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.1.0","4.2.0","4.2.1","4.2.2","4.2.3"],"vulnerableVersions":["2.6.0","2.6.1","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.8.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.8","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.1.0","4.2.0","4.2.1"],"cwe":["CWE-347"],"cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"range":">=2.6.0 <=4.2.1","id":"X7akWdfNa6vB+xo4KIjjJnHoBcnmwm8mzQuQGFLu1TUSC5hOP9S5WF/hU5E+1cvaj8svV/hJA2Yee7Rk8c5LVw=="}