Forge Security Vulnerabilities and Issues — Forge CVE List

Lucene search

DigitalbazaarForge

5 matches found

CVE•added 2022/03/18 2:15 p.m.•211 views

CVE-2022-24772

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed a...

7.5CVSS7.5AI score0.00116EPSS

CVE•added 2022/03/18 2:15 p.m.•207 views

CVE-2022-24771

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unche...

7.5CVSS7.4AI score0.00106EPSS

CVE•added 2022/03/18 2:15 p.m.•191 views

CVE-2022-24773

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that con...

5.3CVSS5.6AI score0.00064EPSS

CVE•added 2020/09/01 10:15 a.m.•105 views

CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

9.8CVSS7.1AI score0.01412EPSS

CVE•added 2022/01/06 5:15 a.m.•58 views

CVE-2022-0122

forge is vulnerable to URL Redirection to Untrusted Site

6.1CVSS5.8AI score0.00559EPSS