Digital Bazaar Forge 安全漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar. It is also an open-source tool used for developing encrypted and network-intensive web applications. Versions of Forge prior to 1.4.0 contained a security vulnerability caused by an infini...

Digital Bazaar Forge 信任管理问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a trust management vulnerability. Th...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it serves as an open-source tool for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 contained a data manipulation...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a data manipulation vulnerability...

zcap 安全漏洞

zcap is an open source reference implementation library for linked data functions from Digital Bazaar. A security vulnerability exists in zcap versions prior to v9.0.1, which stems from a security issue with the expiration check in Incomplete expiration that allows calls outside of the expected...

PT-2024-24345 · Digital Bazaar · @Digitalbazaar/Zcap

Name of the Vulnerable Software and Affected Versions: @digitalbazaar/zcap versions prior to 9.0.1 Description: The issue arises when invoking a capability with a chain depth of 2, where the expires property is not properly checked against the current date or other date param. This can allow...

Digital Bazaar Forge Data Forgery Issue Vulnerability

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

Digital Bazaar Forge Data Forgery Issue Vulnerability (CNVD-2022-22656)

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Digital Bazaar's Tls in Javascript and an open source tool for writing cryptographic and web-intensive web applications. Prior to Digital Bazaar Forge version 1.3.0, a data forgery vulnerability exists in RSA PKCS, which stems from the loose...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

Digital Bazaar Forge 输入验证错误漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and web-intensive web applications from Digital Bazaar, Inc. An input validation error vulnerability exists in Digital Bazaar Forge, which stems from the product allowing URL...

Open Redirect in digitalbazaar/forge

✍️ Description parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...