Lucene search
K

8 matches found

CVE
CVE
added 2022/03/18 1:30 p.m.291 views

CVE-2022-24772

CVE-2022-24772 is a vulnerability in Forge/node-forge where RSA PKCS#1 v1.5 signature verification does not check for trailing garbage after decoding a DigestInfo, enabling signature forging when a low exponent is used. The issue has a fixed remedy in node-forge version 1.3.0. Connected sources c...

7.5CVSS7.5AI score0.01015EPSS
CVE
CVE
added 2022/03/18 1:25 p.m.288 views

CVE-2022-24771

CVE-2022-24771 affects Forge (node-forge). Prior to 1.3.0, RSA PKCS#1 v1.5 signature verification is lenient, allowing a crafted DigestInfo structure to steal padding bytes and forge a signature when a low public exponent is used. The issue is fixed in node-forge 1.3.0. Practical impact, as state...

7.5CVSS7.4AI score0.00717EPSS
CVE
CVE
added 2022/03/18 1:30 p.m.277 views

CVE-2022-24773

Technical details about CVE-2022-24773 (affected products/versions, root cause, impact, and fixes) are not provided in the connected documents. Monitor for updates from the vendor/CNA disclosures to obtain concrete information.

5.3CVSS5.6AI score0.00875EPSS
CVE
CVE
added 2020/09/01 9:35 a.m.150 views

CVE-2020-7720

CVE-2020-7720 is a prototype pollution vulnerability in the node-forge library (util.setPath) present in older node-forge releases. Multiple connected sources confirm that versions prior to 0.10.0 are affected, with 0.10.0 removing the vulnerable functions. Public risk scores in the sources range...

9.8CVSS7.1AI score0.03162EPSS
CVE
CVE
added 2022/01/06 5:0 a.m.101 views

CVE-2022-0122

CVE-2022-0122 — The initial description notes that the Forge (node-forge) library is vulnerable to URL Redirection to Untrusted Site. The connected documents confirm this CVE is present in the Forge project, with a reference to a Forge commit that relates to the issue, but there are no explicit p...

6.1CVSS5.8AI score0.00832EPSS
CVE
CVE
added 2025/11/26 10:23 p.m.35 views

CVE-2025-66030

CVE-2025-66030 (node-forge) is a vulnerability in the Forge/ node-forge TLS implementation for JavaScript. The issue is an integer overflow in versions 1.3.1 and earlier, allowing remote, unauthenticated attackers to craft ASN.1 structures with oversized arcs. These arcs can be decoded as smaller...

6.3CVSS6.5AI score0.00276EPSS
CVE
CVE
added 2025/11/26 10:23 p.m.34 views

CVE-2025-66031

CVE-2025-66031 pertains to the node-forge (Forge) library. An Uncontrolled Recursion vulnerability in node-forge

8.7CVSS6.5AI score0.00373EPSS
CVE
CVE
added 2026/03/27 8:45 p.m.24 views

CVE-2026-33894

Forge (node-forge) prior to version 1.4.0 is vulnerable to RSASSA-PKCS1 v1.5 signature forgery for low exponent keys (e = 3). The issue arises from forging signatures by injecting extra bytes inside the ASN.1 structure and by not enforcing a minimum PKCS#1 v1.5 padding length of 8 bytes, enabling...

7.5CVSS6.8AI score0.00339EPSS