Please report security issues to [email protected].
Security: digitalbazaar/forge
Security
SECURITY.md
-
RSA PKCS#1 v1.5 signature verification failing to check tailing garbage bytes can lead to signature forgery.GHSA-x4jg-mjrx-434g published
Mar 17, 2022 by davidlehnHigh -
RSA PKCS#1 v1.5 signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery.GHSA-cfm4-qjh2-4765 published
Mar 17, 2022 by davidlehnHigh -
RSA PKCS#1 v1.5 signature verification leniency in checking `DigestInfo` structure.GHSA-2r2c-g63r-vccr published
Mar 17, 2022 by davidlehnModerate -
URL parsing in node-forge could lead to undesired behavior.GHSA-gf8q-jrpm-jvxq published
Jan 6, 2022 by davidlehnLow -
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in node-forge debug API.GHSA-5rrq-pxf6-6jx5 published
Jan 6, 2022 by davidlehnLow -
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in node-forge util.setPath APIGHSA-wxgw-qj99-44c2 published
Jan 6, 2022 by davidlehnLow
Learn more about advisories related to digitalbazaar/forge in the GitHub Advisory Database