12 matches found
CVE-2022-24772
CVE-2022-24772 is a vulnerability in Forge/node-forge where RSA PKCS#1 v1.5 signature verification does not check for trailing garbage after decoding a DigestInfo, enabling signature forging when a low exponent is used. The issue is fixed in node-forge version 1.3.0. Connected sources c...
CVE-2022-24771
CVE-2022-24771 affects Forge (node-forge). Prior to 1.3.0, RSA PKCS#1 v1.5 signature verification is lenient, allowing a crafted DigestInfo structure to steal padding bytes and forge a signature when a low public exponent is used. The issue is fixed in node-forge 1.3.0. Practical impact, as state...
CVE-2022-24773
Technical details about CVE-2022-24773 (affected products/versions, root cause, impact, and fixes) are not provided in the connected documents. Monitor for updates from the vendor/CNA disclosures to obtain concrete information.
CVE-2020-7720
CVE-2020-7720 is a prototype pollution vulnerability in the node-forge library (util.setPath) present in older node-forge releases. Multiple connected sources confirm that versions prior to 0.10.0 are affected, with 0.10.0 removing the vulnerable functions. Public risk scores in the sources range...
CVE-2022-0122
CVE-2022-0122 — The initial description notes that the Forge (node-forge) library is vulnerable to URL Redirection to Untrusted Site. The connected documents confirm this CVE is present in the Forge project, with a reference to a Forge commit that relates to the issue, but there are no explicit p...
CVE-2026-33896
Technical details are not publicly available in the provided documents; no affected products, versions, or remediation are specified. Monitor for updates to confirm scope and fixes.
CVE-2026-33895
Summary: CVE-2026-33895 affects Forge (node-forge) prior to 1.4.0, where Ed25519 signature verification does not enforce S
CVE-2025-12816
CVE-2025-12816 — node-forge (v1.3.1 and earlier) Summary: An interpretation-conflict (CWE-436) vulnerability in node-forge enables unauthenticated attackers to craft ASN.1 structures that desynchronize schema validations, causing semantic divergence and potential bypass of downstream cryptographi...
CVE-2025-66031
CVE-2025-66031 pertains to the node-forge (Forge) library. An Uncontrolled Recursion vulnerability in node-forge
CVE-2025-66030
CVE-2025-66030 (node-forge) is a vulnerability in the Forge/node-forge TLS implementation for JavaScript. The issue is an integer overflow in versions 1.3.1 and earlier, allowing remote, unauthenticated attackers to craft ASN.1 structures with oversized arcs. These arcs can be decoded as smaller...
CVE-2026-33891
CVE-2026-33891 affects Forge/node-forge prior to 1.4.0, where BigInteger.modInverse() can enter an infinite loop when given zero, causing a DoS with 100% CPU. The issue is resolved in 1.4.0. Related OSV entries confirm patches in downstream packages (e.g., Root’s @rootio/node-forge) with multiple...
CVE-2026-33894
Forge (node-forge) prior to version 1.4.0 is vulnerable to RSASSA-PKCS1 v1.5 signature forgery for low exponent keys (e = 3). The issue arises from forging signatures by injecting extra bytes inside the ASN.1 structure and by not enforcing a minimum PKCS#1 v1.5 padding length of 8 bytes, enabling...