PT-2026-28558

Name of the Vulnerable Software and Affected Versions Forge also called node-forge versions prior to 1.4.0 Description Forge, a native implementation of Transport Layer Security in JavaScript, contains an issue in Ed25519 signature verification. Specifically, the verification process does not...

Security Bulletin: IBM App Connect Enterprise Toolkit is vulnerable to Improper Verification of Cryptographic Signature due to EdDSA (CVE-2020-36843)

Summary IBM App Connect Enterprise Toolkit is vulnerable to Improper Verification of Cryptographic Signature due to EdDSA. Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not...