Digitalbazaar

Forge

12 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.02%
  • Published 27.03.2026 20:50:03
  • Last modified 14.04.2026 01:13:21

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lac...

  • EPSS 0.03%
  • Published 27.03.2026 20:47:54
  • Last modified 14.04.2026 01:14:42

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group o...

  • EPSS 0.02%
  • Published 27.03.2026 20:45:49
  • Last modified 17.04.2026 21:16:42

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge...

Exploit
  • EPSS 0.05%
  • Published 27.03.2026 20:43:37
  • Last modified 08.04.2026 13:50:28

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInver...

  • EPSS 0.05%
  • Published 26.11.2025 22:23:41
  • Last modified 06.12.2025 00:20:44

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures contai...

  • EPSS 0.14%
  • Published 26.11.2025 22:23:26
  • Last modified 06.12.2025 00:22:18

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 struct...

Exploit
  • EPSS 0.08%
  • Published 25.11.2025 19:15:50
  • Last modified 02.01.2026 19:02:08

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cry...

  • EPSS 0.14%
  • Published 18.03.2022 14:15:10
  • Last modified 21.11.2024 06:51:03

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted...

  • EPSS 0.16%
  • Published 18.03.2022 14:15:10
  • Last modified 21.11.2024 06:51:03

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 st...

  • EPSS 0.13%
  • Published 18.03.2022 14:15:10
  • Last modified 21.11.2024 06:51:04

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lea...