Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
node-forge ASN.1 OID Integer Truncation
Vulnerability Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
CVSS Information
N/A
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
node-forge 输入验证错误漏洞
Vulnerability Description
node-forge是一个应用软件。一个用于 node-forge 的 WebJar。 node-forge 1.3.1及之前版本存在输入验证错误漏洞,该漏洞源于整数溢出,可能导致远程未经身份验证的攻击者绕过基于OID的安全决策。
CVSS Information
N/A
Vulnerability Type
N/A