Search for packages
| purl | pkg:npm/forge@1.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-918k-jaua-efcg
Aliases: CVE-2022-24771 GHSA-cfm4-qjh2-4765 |
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. |
Affected by 0 other vulnerabilities. |
|
VCID-rass-mdkt-27e6
Aliases: CVE-2022-24773 GHSA-2r2c-g63r-vccr |
Improper Verification of Cryptographic Signature in `node-forge` |
Affected by 0 other vulnerabilities. |
|
VCID-ytae-c7vj-f7ga
Aliases: CVE-2022-24772 GHSA-x4jg-mjrx-434g |
Improper Verification of Cryptographic Signature in node-forge |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T18:02:59.917184+00:00 | GitLab Importer | Affected by | VCID-rass-mdkt-27e6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/forge/CVE-2022-24773.yml | 38.6.0 |
| 2026-06-12T18:02:55.439334+00:00 | GitLab Importer | Affected by | VCID-ytae-c7vj-f7ga | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/forge/CVE-2022-24772.yml | 38.6.0 |
| 2026-06-12T18:02:52.571291+00:00 | GitLab Importer | Affected by | VCID-918k-jaua-efcg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/forge/CVE-2022-24771.yml | 38.6.0 |