Dependency node-forge has critical security vulnerability

Question

Dependency node-forge has critical security vulnerability

csvan opened this issue 3 years ago · 2 comments

node-forge 0.10.0
Severity: critical
node-forge Package for Node.js lib/debug.js set() Function Prototype Pollution Unspecified Issue - 418sec/forge#1

Answer 1 · 2022-01-05T06:25:18.000Z

This issue is fixed in node-forge 1.0.0.
(I doubt anyone has ever used that debug API, including forge itself, so it's probably not "critical".)

Answer 2 · 2022-01-05T12:50:19.000Z

Yea I think the classifications are weird sometimes too :-/