CVE-2021-30130

Improper Verification of Cryptographic Signature in packagist/phpseclib/phpseclib

Identifier

CVE-2021-30130

Package Slug

packagist/phpseclib/phpseclib

Vulnerability

Improper Verification of Cryptographic Signature

Description

phpseclib mishandles RSA PKCS#1 v1.5 signature verification.

Affected Versions

All versions before 2.0.31, all versions starting from 3.0 before 3.0.7

Solution

Upgrade to versions 2.0.31, 3.0.7 or above.

Last Modified

2021-04-30

source