Search criteria
11 vulnerabilities by digitalbazaar
CVE-2026-33896 (GCVE-0-2026-33896)
Vulnerability from cvelistv5 – Published: 2026-03-27 20:50 – Updated: 2026-07-02 12:05
VLAI?
Title
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T18:53:46.442762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T18:53:50.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-27T20:50:03.418Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Forge (also known as node-forge), a JavaScript implementation of Transport Layer Security (TLS). The `pki.verifyCertificateChain()` function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extensions to enable any leaf certificate to function as a Certificate Authority (CA) and sign other certificates. Consequently, node-forge could accept these unauthorized certificates as valid, potentially leading to spoofing or the issuance of illegitimate certificates."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:17.922Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33896"
},
{
"name": "RHBZ#2452458",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452458"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33896.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-27T21:02:22.762Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-27T20:50:03.418Z",
"value": "Made public."
}
],
"title": "node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the `basicConstraints` and `keyUsage` extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid. Version 1.4.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:50:03.418Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"
}
],
"source": {
"advisory": "GHSA-2328-f5f3-gj25",
"discovery": "UNKNOWN"
},
"title": "Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33896",
"datePublished": "2026-03-27T20:50:03.418Z",
"dateReserved": "2026-03-24T15:41:47.490Z",
"dateUpdated": "2026-07-02T12:05:17.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33895 (GCVE-0-2026-33895)
Vulnerability from cvelistv5 – Published: 2026-03-27 20:47 – Updated: 2026-07-02 12:05
VLAI?
Title
Forge has signature forgery in Ed25519 due to missing S > L check
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.
Severity ?
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33895",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T18:39:49.350161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:10:01.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-27T20:47:54.492Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Forge (also called `node-forge`), a JavaScript library used for Transport Layer Security (TLS). The library\u0027s Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could exploit this signature malleability to bypass authentication and authorization logic. This vulnerability can also circumvent security checks in applications that rely on the uniqueness of cryptographic signatures for functions such as deduplication or preventing replay attacks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:18.203Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33895"
},
{
"name": "RHBZ#2452457",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452457"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33895.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-27T21:02:18.484Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-27T20:47:54.492Z",
"value": "Made public."
}
],
"title": "node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S \u003e= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:47:54.492Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"
}
],
"source": {
"advisory": "GHSA-q67f-28xg-22rw",
"discovery": "UNKNOWN"
},
"title": "Forge has signature forgery in Ed25519 due to missing S \u003e L check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33895",
"datePublished": "2026-03-27T20:47:54.492Z",
"dateReserved": "2026-03-24T15:41:47.490Z",
"dateUpdated": "2026-07-02T12:05:18.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33894 (GCVE-0-2026-33894)
Vulnerability from cvelistv5 – Published: 2026-03-27 20:45 – Updated: 2026-07-02 12:05
VLAI?
Title
Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33894",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T14:04:30.304300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:05:14.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-27T20:45:49.583Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:18.494Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"name": "RHBZ#2452464",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33894.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:22629: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-27T21:02:52.462Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-27T20:45:49.583Z",
"value": "Made public."
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing \u201cgarbage\u201d bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:45:49.583Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"name": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"tags": [
"x_refsource_MISC"
],
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc8017.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"source": {
"advisory": "GHSA-ppp5-5v6c-4jwp",
"discovery": "UNKNOWN"
},
"title": "Forge has signature forgery in RSA-PKCS due to ASN.1 extra field"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33894",
"datePublished": "2026-03-27T20:45:49.583Z",
"dateReserved": "2026-03-24T15:41:47.489Z",
"dateUpdated": "2026-07-02T12:05:18.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33891 (GCVE-0-2026-33891)
Vulnerability from cvelistv5 – Published: 2026-03-27 20:43 – Updated: 2026-07-02 12:05
VLAI?
Title
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue.
Severity ?
7.5 (High)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33891",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T15:38:00.562704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:38:12.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-27T20:43:37.725Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service (DoS). When the BigInteger.modInverse() function is called with a zero value, it enters an infinite loop, causing the process to hang indefinitely and consume 100% of the CPU resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:18.780Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33891"
},
{
"name": "RHBZ#2452450",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452450"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33891.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-27T21:01:34.410Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-27T20:43:37.725Z",
"value": "Made public."
}
],
"title": "node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU. Version 1.4.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:43:37.725Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"
}
],
"source": {
"advisory": "GHSA-5m6q-g25r-mvwx",
"discovery": "UNKNOWN"
},
"title": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33891",
"datePublished": "2026-03-27T20:43:37.725Z",
"dateReserved": "2026-03-24T15:10:05.682Z",
"dateUpdated": "2026-07-02T12:05:18.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66030 (GCVE-0-2025-66030)
Vulnerability from cvelistv5 – Published: 2025-11-26 22:23 – Updated: 2025-11-28 18:25
VLAI?
Title
node-forge ASN.1 OID Integer Truncation
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.3.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:24:09.809868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:25:02.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:23:41.548Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb"
}
],
"source": {
"advisory": "GHSA-65ch-62r8-g69g",
"discovery": "UNKNOWN"
},
"title": "node-forge ASN.1 OID Integer Truncation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66030",
"datePublished": "2025-11-26T22:23:41.548Z",
"dateReserved": "2025-11-21T01:08:02.614Z",
"dateUpdated": "2025-11-28T18:25:02.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66031 (GCVE-0-2025-66031)
Vulnerability from cvelistv5 – Published: 2025-11-26 22:23 – Updated: 2025-11-28 18:27
VLAI?
Title
node-forge ASN.1 Unbounded Recursion
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Severity ?
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.3.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:26:11.800439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:27:06.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:23:26.013Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
}
],
"source": {
"advisory": "GHSA-554w-wpv2-vw27",
"discovery": "UNKNOWN"
},
"title": "node-forge ASN.1 Unbounded Recursion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66031",
"datePublished": "2025-11-26T22:23:26.013Z",
"dateReserved": "2025-11-21T01:08:02.614Z",
"dateUpdated": "2025-11-28T18:27:06.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-31995 (GCVE-0-2024-31995)
Vulnerability from cvelistv5 – Published: 2024-04-10 21:57 – Updated: 2024-08-02 01:59
VLAI?
Title
zcap has incomplete expiration checks in capability chains.
Summary
`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time.
Severity ?
4.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | zcap |
Affected:
< 9.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T17:44:20.360065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:54.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv"
},
{
"name": "https://github.com/digitalbazaar/zcap/pull/82",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/zcap/pull/82"
},
{
"name": "https://github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe"
},
{
"name": "https://github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zcap",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 9.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T21:57:41.129Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv"
},
{
"name": "https://github.com/digitalbazaar/zcap/pull/82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/zcap/pull/82"
},
{
"name": "https://github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe"
},
{
"name": "https://github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5"
}
],
"source": {
"advisory": "GHSA-hp8h-7x69-4wmv",
"discovery": "UNKNOWN"
},
"title": "zcap has incomplete expiration checks in capability chains."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31995",
"datePublished": "2024-04-10T21:57:41.129Z",
"dateReserved": "2024-04-08T13:48:37.491Z",
"dateUpdated": "2024-08-02T01:59:50.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24772 (GCVE-0-2022-24772)
Vulnerability from cvelistv5 – Published: 2022-03-18 13:30 – Updated: 2025-04-23 18:46
VLAI?
Title
Improper Verification of Cryptographic Signature in `node-forge`
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
Severity ?
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:34.551775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:46:10.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T13:30:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
],
"source": {
"advisory": "GHSA-x4jg-mjrx-434g",
"discovery": "UNKNOWN"
},
"title": "Improper Verification of Cryptographic Signature in `node-forge`",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24772",
"STATE": "PUBLIC",
"TITLE": "Improper Verification of Cryptographic Signature in `node-forge`"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "forge",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "digitalbazaar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1",
"refsource": "MISC",
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2",
"refsource": "MISC",
"url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
},
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g",
"refsource": "CONFIRM",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g"
}
]
},
"source": {
"advisory": "GHSA-x4jg-mjrx-434g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24772",
"datePublished": "2022-03-18T13:30:20.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:46:10.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24773 (GCVE-0-2022-24773)
Vulnerability from cvelistv5 – Published: 2022-03-18 13:30 – Updated: 2025-04-23 18:46
VLAI?
Title
Improper Verification of Cryptographic Signature in `node-forge`
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
Severity ?
5.3 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:37.127478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:46:17.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T13:30:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
}
],
"source": {
"advisory": "GHSA-2r2c-g63r-vccr",
"discovery": "UNKNOWN"
},
"title": "Improper Verification of Cryptographic Signature in `node-forge`",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24773",
"STATE": "PUBLIC",
"TITLE": "Improper Verification of Cryptographic Signature in `node-forge`"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "forge",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "digitalbazaar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1",
"refsource": "MISC",
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
},
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr",
"refsource": "CONFIRM",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2",
"refsource": "MISC",
"url": "https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2"
}
]
},
"source": {
"advisory": "GHSA-2r2c-g63r-vccr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24773",
"datePublished": "2022-03-18T13:30:14.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:46:17.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24771 (GCVE-0-2022-24771)
Vulnerability from cvelistv5 – Published: 2022-03-18 13:25 – Updated: 2025-04-23 18:46
VLAI?
Title
Improper Verification of Cryptographic Signature in node-forge
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
Severity ?
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | forge |
Affected:
< 1.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:40.258463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:46:25.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "forge",
"vendor": "digitalbazaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T13:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
}
],
"source": {
"advisory": "GHSA-cfm4-qjh2-4765",
"discovery": "UNKNOWN"
},
"title": "Improper Verification of Cryptographic Signature in node-forge",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24771",
"STATE": "PUBLIC",
"TITLE": "Improper Verification of Cryptographic Signature in node-forge"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "forge",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.0"
}
]
}
}
]
},
"vendor_name": "digitalbazaar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765",
"refsource": "CONFIRM",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1",
"refsource": "MISC",
"url": "https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1"
}
]
},
"source": {
"advisory": "GHSA-cfm4-qjh2-4765",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24771",
"datePublished": "2022-03-18T13:25:11.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:46:25.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0122 (GCVE-0-2022-0122)
Vulnerability from cvelistv5 – Published: 2022-01-06 05:00 – Updated: 2024-08-02 23:18
VLAI?
Title
Open Redirect in digitalbazaar/forge
Summary
forge is vulnerable to URL Redirection to Untrusted Site
Severity ?
5.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| digitalbazaar | digitalbazaar/forge |
Affected:
unspecified , < 1.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "digitalbazaar/forge",
"vendor": "digitalbazaar",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "forge is vulnerable to URL Redirection to Untrusted Site"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-06T05:00:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e"
}
],
"source": {
"advisory": "41852c50-3c6d-4703-8c55-4db27164a4ae",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in digitalbazaar/forge",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0122",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in digitalbazaar/forge"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "digitalbazaar/forge",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "digitalbazaar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "forge is vulnerable to URL Redirection to Untrusted Site"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae"
},
{
"name": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e",
"refsource": "MISC",
"url": "https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e"
}
]
},
"source": {
"advisory": "41852c50-3c6d-4703-8c55-4db27164a4ae",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0122",
"datePublished": "2022-01-06T05:00:12.000Z",
"dateReserved": "2022-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}