The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | node-node-forge | < 0.10.0~dfsg-1 | node-node-forge_0.10.0~dfsg-1_all.deb |
Debian | 10 | all | node-node-forge | <= 0.8.1~dfsg-1+deb10u1 | node-node-forge_0.8.1~dfsg-1+deb10u1_all.deb |
Debian | 999 | all | node-node-forge | < 0.10.0~dfsg-1 | node-node-forge_0.10.0~dfsg-1_all.deb |