Read Time:16 Second

It was reported that incorrect bound checks in the dsaVerify function
in node-browserify-sign, a Node.js library which adds crypto signing
for browsers, allows an attacker to perform signature forgery attacks
by constructing signatures that can be successfully verified by any
public key.

https://security-tracker.debian.org/tracker/DSA-5539-1

Read More