Lucene search

Veracode Vulnerability DatabaseVERACODE:33542

HistoryJan 07, 2022 - 4:32 a.m.

URL Redirection

2022-01-0704:32:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

node-forge is vulnerable to URL redirection. The use of an insecure URL parsing in forge.util.parseUrl() (and forge.http.parseUrl alias) allows a URL redirection to malicious site.

CPENameOperatorVersion
node-forgele0.10.0
node-forgele0.10.0
node-forgele0.10.0
node-forgele0.10.0

Name	Operator	Version
node-forge	le	0.10.0
node-forge	le	0.10.0
node-forge	le	0.10.0
node-forge	le	0.10.0

References

github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e

huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae

huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:33542