CNNVD-202511-2822 Information

CNNVD ID

CNNVD-202511-2822

Related CVE

CVE-2025-66030

• CNNVD Published: 2025-11-26

Description (Chinese)

node-forge是一个应用软件。一个用于 node-forge 的 WebJar。 node-forge 1.3.1及之前版本存在输入验证错误漏洞，该漏洞源于整数溢出，可能导致远程未经身份验证的攻击者绕过基于OID的安全决策。

Description (English)

Node-forge is an application. A WebJar for node-forge. Node-forge 1.3.1 and previous versions contained input authentication error holes, which originated in the integer spill and could result in remote unidentified assailants circumventing OID-based security decisions.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

个人开发者

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g https://access.redhat.com/security/cve/cve-2025-66030

Patch

https://github.com/digitalbazaar/forge/tags