EPSS
Percentile
36.5%
node-forge is vulnerable to improper verification of the cryptographic signature. The vulnerability exists due to improper signature verification of tailing garbage bytes in the rsa.js file allowing an attacker to execute a signature forge attack
rsa.js
github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g