CNNVD-202508-2336 Information

CNNVD ID

CNNVD-202508-2336

Related CVE

CVE-2025-9288

• CNNVD Published: 2025-08-20

Description (Chinese)

sha.js是Browserify开源的一个应用软件。 sha.js 2.4.11及之前版本存在安全漏洞，该漏洞源于输入验证不当，可能导致输入数据被篡改。

Description (English)

Sha.js is an application from Brownserifi. Sha.js 2.4.11 and previous versions contain a security loophole, which stems from inappropriate input validation and may lead to the manipulation of input data.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Browserify

Published

2025-08-20

Last Modified

2026-02-24

References

https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5 https://www.cve.org/CVERecord?id=CVE-2025-9287 https://github.com/browserify/sha.js/pull/78 https://nvd.nist.gov/vuln/detail/CVE-2025-9288 https://vigilance.fr/vulnerability/node-sha-js-read-write-access-dated-16-09-2025-48235

Patch

https://github.com/browserify/sha.js/tags