Astra Linux - уязвимость в node-sha.js

There is a vulnerability in input validation in sha.js that allows for manipulation of input data. This issue affects sha.js version 2.4.11...

Injection sha.js Dependency in Jira Software Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center and Server. This Injection vulnerability, with a CVSS Score of 9.1 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows an...

Improper Input Validation

sha.js is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of input data, which allows an attacker to manipulate crafted inputs to influence how data is processed...

Security Bulletin: Astronomer with IBM is vulnerable to improper input validation due to the sha.js package (CVE-2025-9288)

Summary Sha.js is used by Astronomer with IBM as part of the cryptographic processing functionality. Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20:...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js:...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : sha.js vulnerability (USN-7778-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7778-1 advisory. Nikita Skovoroda discovered that sha.js did not properly handle certain inputs. An attacker could possibly use this...

sha.js is missing type checks leading to hash rewind and passing on crafted data

Summary This is the same as GHSA-cpq7-6gpm-g9rc but just for sha.js, as it has its own implementation. Missing input type checks can allow types other than a well-formed Buffer or string, resulting in invalid values, hanging and rewinding the hash state including turning a tagged hash into an...

CVE-2025-9288

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9288

The CVE-2025-9288 issue is an Improper Input Validation vulnerability in sha.js (node-sha.js) with incomplete type checks that can lead to Input Data Manipulation. Public reports tie the vulnerability to sha.js up to version 2.4.11. Debian advisories (DSA-6002-1, DLA-4302-1, DLA-4291-1) describe ...

PT-2025-34165

Name of the Vulnerable Software and Affected Versions sha.js versions through 2.4.11 Description An improper input validation vulnerability exists in sha.js, allowing for input data manipulation. This flaw can lead to hash collisions and potentially private key extraction, threatening web...

sha.js 安全漏洞

sha.js is an open source application from Browserify. A security vulnerability exists in sha.js version 2.4.11 and earlier, which stems from improper input validation and could lead to tampering of input data...