240 matches found
Open Redirect in digitalbazaar/forge
✍️ Description parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service.
Summary A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-7720 DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-7720 DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...
Prototype Pollution in node-forge
Overview The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. Recommendation Upgrade to version 0.10.0 or later. References -...
GHSA-92XJ-MQP7-VMCJ Prototype Pollution in node-forge
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...
Prototype Pollution in node-forge
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...
Prototype Pollution
node-forge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
CVE-2020-7720
A flaw was found in nodejs-node-forge. A Prototype Pollution via the util.setPath function is possible...
CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
DEBIAN-CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
UBUNTU-CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
Design/Logic Flaw
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
CVE-2020-7720
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
CVE-2020-7720 Prototype Pollution
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...
CVE-2020-7720
CVE-2020-7720 is a prototype pollution vulnerability in the node-forge library (util.setPath) present in older node-forge releases. Multiple connected sources confirm that versions prior to 0.10.0 are affected, with 0.10.0 removing the vulnerable functions. Public risk scores in the sources range...
PT-2020-6071 · Node.Js · Node-Forge
Name of the Vulnerable Software and Affected Versions: node-forge versions prior to 0.10.0 Description: The issue is related to Prototype Pollution via the util.setPath function. This can allow a remote attacker to implement a prototype pollution attack by modifying object attributes...
Prototype Pollution
Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing...
Regular Expression Denial Of Service (ReDoS)
node-forge is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is caused by a weak choice of regular expression regex groups and allows a given string to cause a huge performance slow down...