Skip to content

CVE-2022-0122 (Medium) detected in node-forge-0.10.0.tgz #1112

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#1239
Closed
CVE-2022-0122 (Medium) detected in node-forge-0.10.0.tgz#1112
#1239
Assignees
tmarkley
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by MendcveSecurity vulnerabilities detected by Dependabot or Mendmedium severityMedium severity CVEv2.0.0
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
opened on Jan 7, 2022

CVE-2022-0122 - Medium Severity Vulnerability

Vulnerable Library - node-forge-0.10.0.tgz

JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.

Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz

Dependency Hierarchy:

  • node-forge-0.10.0.tgz (Vulnerable Library)

Found in HEAD commit: 3d9f5425b6bb5dae38277bc68c45cb86ae608642

Found in base branch: main

Vulnerability Details

forge is vulnerable to URL Redirection to Untrusted Site

Publish Date: 2022-01-06

URL: CVE-2022-0122

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-gf8q-jrpm-jvxq

Release Date: 2022-01-06

Fix Resolution: 1.2.1

Metadata

Assignees

Labels

Mend: dependency security vulnerabilitySecurity vulnerability detected by MendcveSecurity vulnerabilities detected by Dependabot or Mendmedium severityMedium severity CVEv2.0.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions