2 matches found
Uncontrolled Recursion
Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker can cause stack exhaustion and disrupt service availability by submitting...
GHSA-554W-WPV2-VW27 node-forge has ASN.1 Unbounded Recursion
Summary An Uncontrolled Recursion CWE-674 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service DoS via stack exhaustion when parsing untrusted DER...