Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2021-30130

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

VectorNETWORK

PublishedApr 06, 2021, 15:15

Published Bycve@mitre.org

Base Score

Score7.5

Package (Ecosystem)IntroducedFixedLimit

phpseclib/phpseclib(Packagist)3.0.03.0.7N/A

phpseclib/phpseclib(Packagist)02.0.31N/A

CWE-347

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK