Description
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Remediation
References
https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
Related Vulnerabilities
CVE-2022-26969 Vulnerability in npm package directus
CVE-2023-26120 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2023-34660 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent
CVE-2021-27582 Vulnerability in maven package org.mitre:openid-connect-server
CVE-2019-16869 Vulnerability in maven package io.netty:netty