Identifier

CVE-2020-7720

Package Slug

npm/node-forge

Vulnerability

Improper Input Validation

Description

The package node-forge is vulnerable to Prototype Pollution via the util.setPath function. Note, it is a breaking change removing the vulnerable functions.

Affected Versions

All versions before 0.10.0

Solution

Upgrade to version 0.10.0 or above.

Last Modified

2020-09-03

source