CNNVD-202511-2823 Information

CNNVD ID

CNNVD-202511-2823

Related CVE

CVE-2025-66031

• CNNVD Published: 2025-11-26

Description (Chinese)

node-forge是一个应用软件。一个用于 node-forge 的 WebJar。 node-forge 1.3.1及之前版本存在安全漏洞，该漏洞源于不受控制的递归，可能导致远程未经身份验证的攻击者通过深度ASN.1结构触发拒绝服务。

Description (English)

Node-forge is an application. A WebJar for node-forge. There is a security loophole in node-forge 1.3.1 and earlier versions, which stems from uncontrolled regression and may result in long-range unidentified assailants triggering denial of services through deep ASN.1 structures.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451 https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27

Patch

https://github.com/digitalbazaar/forge/tags