9.1
CVE-2025-9288
- EPSS 0.65%
- Veröffentlicht 20.08.2025 21:59:44
- Zuletzt bearbeitet 03.11.2025 19:16:17
- CVE-Watchlists
- Unerledigt
Missing type checks leading to hash rewind and passing on crafted data
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Browserify ≫ Sha.Js SwPlatformnode.js Version <= 2.4.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.463 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| 7ffcee3d-2c14-4c3e-b844-86c6a321a158 | 9.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
https://github.com/browserify/sha.js/pull/78
https://www.cve.org/CVERecord?id=CVE-2025-9287
https://lists.debian.org/debian-lts-announce/2025/09/msg00016.html