Lucene search

K

Forge Security Vulnerabilities

cve
cve

CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

9.8CVSS

7AI Score

0.002EPSS

2020-09-01 10:15 AM
70
cve
cve

CVE-2022-0122

forge is vulnerable to URL Redirection to Untrusted Site

6.1CVSS

6.2AI Score

0.001EPSS

2022-01-06 05:15 AM
45
cve
cve

CVE-2022-24771

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unche...

7.5CVSS

7.2AI Score

0.001EPSS

2022-03-18 02:15 PM
129
2
cve
cve

CVE-2022-24772

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed a...

7.5CVSS

7.3AI Score

0.001EPSS

2022-03-18 02:15 PM
139
2
cve
cve

CVE-2022-24773

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that con...

5.3CVSS

5.1AI Score

0.001EPSS

2022-03-18 02:15 PM
125