CNNVD-202511-2712 Information

CNNVD ID

CNNVD-202511-2712

Related CVE

CVE-2025-12816

• CNNVD Published: 2025-11-25

Description (Chinese)

node-forge是一个应用软件。一个用于 node-forge 的 WebJar。 node-forge 1.3.1及之前版本存在安全漏洞，该漏洞源于ASN.1结构解析冲突，可能绕过下游加密验证。

Description (English)

Node-forge is an application. A WebJar for node-forge. There is a security loophole in node-forge 1.3.1 and earlier versions, which stems from the ASN.1 structural resolution conflict and may bypass the downstream encryption authentication.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-25

Last Modified

2026-02-24

References

https://github.com/digitalbazaar/forge https://github.com/digitalbazaar/forge/pull/1124 https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq https://kb.cert.org/vuls/id/521113 https://www.npmjs.com/package/node-forge https://www.kb.cert.org/vuls/id/521113

Patch

https://github.com/digitalbazaar/forge/tags