Lucene search
K

240 matches found

Huntr
Huntr
added 2021/09/04 11:14 a.m.28 views

Open Redirect in digitalbazaar/forge

✍️ Description parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...

5.8CVSS0.3AI score0.00832EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 5:38 p.m.35 views

Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service.

Summary A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-7720 DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS1.7AI score0.03162EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/26 9:46 p.m.37 views

Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager.

Summary A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-7720 DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...

9.8CVSS2.4AI score0.03162EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2020/09/30 6:39 p.m.87 views

Prototype Pollution in node-forge

Overview The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. Recommendation Upgrade to version 0.10.0 or later. References -...

7.5CVSS3.6AI score0.03162EPSS
Exploits1Affected Software1
OSV
OSV
added 2020/09/14 9:42 p.m.33 views

GHSA-92XJ-MQP7-VMCJ Prototype Pollution in node-forge

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS8.1AI score0.03162EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2020/09/14 9:42 p.m.168 views

Prototype Pollution in node-forge

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS5.1AI score0.03162EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2020/09/02 6:31 a.m.23 views

Prototype Pollution

node-forge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

9.8CVSS3.5AI score0.03162EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2020/09/01 6:18 p.m.30 views

CVE-2020-7720

A flaw was found in nodejs-node-forge. A Prototype Pollution via the util.setPath function is possible...

7.3CVSS3.9AI score0.03162EPSS
Exploits1References4
NVD
NVD
added 2020/09/01 10:15 a.m.26 views

CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS9.4AI score0.03162EPSS
Exploits1References3
OSV
OSV
added 2020/09/01 10:15 a.m.27 views

CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

7.3CVSS6.5AI score
Exploits0References3
OSV
OSV
added 2020/09/01 10:15 a.m.4 views

DEBIAN-CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

7.3CVSS7.6AI score0.03162EPSS
Exploits1References1
OSV
OSV
added 2020/09/01 10:15 a.m.13 views

UBUNTU-CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS7.2AI score0.03162EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2020/09/01 10:15 a.m.29 views

CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS7.1AI score0.03162EPSS
Exploits1References5
Prion
Prion
added 2020/09/01 10:15 a.m.26 views

Design/Logic Flaw

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

7.5CVSS7.1AI score0.03162EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/09/01 9:35 a.m.33 views

CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS8.3AI score0.03162EPSS
Exploits1
Cvelist
Cvelist
added 2020/09/01 9:35 a.m.38 views

CVE-2020-7720 Prototype Pollution

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

9.8CVSS9.4AI score0.03162EPSS
Exploits1References3
CVE
CVE
added 2020/09/01 9:35 a.m.152 views

CVE-2020-7720

CVE-2020-7720 is a prototype pollution vulnerability in the node-forge library (util.setPath) present in older node-forge releases. Multiple connected sources confirm that versions prior to 0.10.0 are affected, with 0.10.0 removing the vulnerable functions. Public risk scores in the sources range...

9.8CVSS7.1AI score0.03162EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.4 views

PT-2020-6071 · Node.Js · Node-Forge

Name of the Vulnerable Software and Affected Versions: node-forge versions prior to 0.10.0 Description: The issue is related to Prototype Pollution via the util.setPath function. This can allow a remote attacker to implement a prototype pollution attack by modifying object attributes...

9.8CVSS8.1AI score0.03162EPSS
Exploits1References14
Snyk
Snyk
added 2020/08/14 10:24 a.m.4 views

Prototype Pollution

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing...

9.8CVSS8.2AI score0.03162EPSS
Exploits1References2
Veracode
Veracode
added 2018/02/20 5:1 a.m.9 views

Regular Expression Denial Of Service (ReDoS)

node-forge is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is caused by a weak choice of regular expression regex groups and allows a given string to cause a huge performance slow down...

6.5AI score
Exploits0
Rows per page
Query Builder