4 matches found
Improper Verification Of Signature
node-forge is vulnerable to improper verification of the cryptographic signature. The vulnerability exists due to improper signature verification of tailing garbage bytes in the rsa.js file allowing an attacker to execute a signature forge attack...
DEBIAN-CVE-2022-24772
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
CVE-2022-0122
forge is vulnerable to URL Redirection to Untrusted Site...
CVE-2022-0122 Open Redirect in digitalbazaar/forge
forge is vulnerable to URL Redirection to Untrusted Site...