Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9jed-5rk2-fuha
Vulnerability ID VCID-9jed-5rk2-fuha
Aliases CVE-2022-0122
GHSA-8fr3-hfg3-gpgp
Summary Open Redirect in node-forge
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2022-0122
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2022-0122
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2022-0122
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
cvssv3.1 6.1 https://github.com/digitalbazaar/forge
generic_textual MODERATE https://github.com/digitalbazaar/forge
cvssv3.1 6.1 https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
generic_textual MODERATE https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
cvssv3.1 6.1 https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
generic_textual MODERATE https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0122
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-0122
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-0122
https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
CVE-2022-0122 https://nvd.nist.gov/vuln/detail/CVE-2022-0122
GHSA-8fr3-hfg3-gpgp https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/digitalbazaar/forge
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0122
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.54992
EPSS Score 0.00315
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:27:37.943743+00:00 GHSA Importer Import https://github.com/advisories/GHSA-8fr3-hfg3-gpgp 38.6.0