233 matches found
AZL-71125 CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
UBUNTU-CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
Interpretation Conflict
Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Interpretation Conflict via the asn1.validate function. An attacker can cause schema validation to become desynchronized, resulting in semantic divergence that may allow bypassing...
-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +1080 more potentially affected by CVE-2025-12816 via node-forge (>=1.0.0 <=1.3.1)
node-forge NPM version =1.0.0, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =1.1.0, =1.2.1, =1.0.0, =1.2.6, =1.23.2, =3.0.0-alpha.0, =3.1.0, =3.11.0-rc.1 and more Source cves: CVE-2025-12816 Source advisory: SNYK:JS-NODEFORGE-14114940...
Interpretation Conflict
Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Interpretation Conflict via the asn1.validate function. An attacker can cause schema validation to...
CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12816
CVE-2025-12816 — node-forge (v1.3.1 and earlier) Summary: An interpretation-conflict (CWE-436) vulnerability in node-forge enables unauthenticated attackers to craft ASN.1 structures that desynchronize schema validations, causing semantic divergence and potential bypass of downstream cryptographi...
node-forge security vulnerability
node-forge is a software application. A WebJar for node-forge. A security vulnerability exists in node-forge 1.3.1 and earlier versions, which stems from an ASN.1 structure parsing conflict that could bypass downstream cryptographic authentication...
Forge JavaScript library impacted by a vulnerability in signature verification.
Overview: The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code (MAC) data, was identified. Users of the...
PT-2025-48075
Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and earlier. Description: An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data ...
EUVD-2020-0922
Malware in sbrugna...
EUVD-2022-1576
Malicious code in bioql PyPI...
EUVD-2022-1403
Malicious code in bioql PyPI...
EUVD-2022-1274
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-7720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to signature forgery due to the node-forge package (CVE-2022-24771, CVE-2022-24772)
Summary: Node-forge is used by DataStage on Cloud Pak for Data as part of connection encryption. Vulnerability Details: CVEID: CVE-2022-24771. DESCRIPTION: Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signatu...
Linux Distros Unpatched Vulnerability : CVE-2022-24771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification...