Description
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Remediation
References
https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
Related Vulnerabilities
CVE-2023-31581 Vulnerability in maven package com.usthe.sureness:sureness-core
CVE-2020-7751 Vulnerability in npm package pathval
CVE-2022-29249 Vulnerability in maven package io.github.javaezlib:javaez
CVE-2021-33562 Vulnerability in maven package com.shopizer:shopizer
CVE-2020-7656 Vulnerability in maven package org.webjars.npm:jquery