233 matches found
Open Redirect in node-forge
parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 00ld8nuivn (=2.1.0) +40762 more potentially affected by CVE-2022-0122 via node-forge (>=0.10.0 <=0.9.2)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
GHSA-8FR3-HFG3-GPGP Open Redirect in node-forge
parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path...
Server-Side Request Forgery (SSRF)
node-forge is vulnerable to server-side request forgery. The vulnerability exists in parseUrl because certain relative paths are mishandled when validating, which allows the bypass of the URL redirection validation...
Prototype Pollution
node-forge is vulnerable to prototype pollution. The vulnerability exists through the 'debug.set' function in 'debug.js', allowing an attacker to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
GHSA-5RRQ-PXF6-6JX5 Prototype Pollution in node-forge debug API.
Impact: The forge.debug API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 00ld8nuivn (=2.1.0) +40762 more potentially affected by unknown CVE via node-forge (>=0.10.0 <=0.9.2)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
GHSA-WXGW-QJ99-44C2 Prototype Pollution in node-forge util.setPath API
Impact: forge.util.setPath had a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself. Patches: The forge.util.setPath API and related functions were removed in 0.10.0. Workarounds: Don't call forge.util.setPath directly or indirectly with untruste...
Prototype Pollution in node-forge util.setPath API
Impact: forge.util.setPath had a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself. Patches: The forge.util.setPath API and related functions were removed in 0.10.0. Workarounds: Don't call forge.util.setPath directly or indirectly with untruste...
GHSA-GF8Q-JRPM-JVXQ URL parsing in node-forge could lead to undesired behavior.
Impact: The regex used for the forge.util.parseUrl API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior. Patches: forge.util.parseUrl and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the...
URL parsing in node-forge could lead to undesired behavior.
Impact: The regex used for the forge.util.parseUrl API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior. Patches: forge.util.parseUrl and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the...
URL Redirection
node-forge is vulnerable to URL redirection. The use of insecure URL parsing in forge.util.parseUrl and the forge.http.parseUrl alias allows URL redirection to a malicious site...
Open Redirect in digitalbazaar/forge
Description: parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service.
Summary: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details: CVEID: CVE-2020-7720. DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager.
Summary: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager. Vulnerability Details: CVEID: CVE-2020-7720. DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...
Prototype Pollution in node-forge
Overview: The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. Recommendation: Upgrade to version 0.10.0 or later. References: -...
GHSA-92XJ-MQP7-VMCJ Prototype Pollution in node-forge
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...
Prototype Pollution in node-forge
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing the vulnerable functions...
Prototype Pollution
node-forge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...