Severity: high

Prototype Pollution in node-forge



The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.


Upgrade to version 0.10.0 or later.
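
One way to check a project against the version boundary above, as an added example that is not part of the advisory or of node-forge: the script scans a parsed package-lock.json for node-forge copies below 0.10.0, including nested ones pulled in by other dependencies. The sample lockfile and the package name example-dep are constructed for illustration.

```javascript
// Added example, not from the advisory: find node-forge copies below 0.10.0
// in a parsed package-lock.json (lockfile v1 "dependencies" or v2/v3 "packages").
const FIXED = [0, 10, 0]; // first fixed release named in the advisory

// True when "major.minor.patch" sorts strictly before FIXED (pre-release suffixes
// are ignored). Non-semver specs (git URLs, tarballs) return false: review by hand.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return false;
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false;
}

function findNodeForge(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, vulnerable: isVulnerable(meta.version) });
  if (lock.packages) {
    // v2/v3: flat map keyed by install path, nested copies included.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.split("node_modules/").pop() === "node-forge") record(path, meta);
    }
    return hits;
  }
  // v1: tree of installed packages under "dependencies".
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === "node-forge") record([...trail, name].join(" > "), meta);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; "example-dep" is a hypothetical package.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-forge": { version: "0.10.0" },
    "node_modules/example-dep/node_modules/node-forge": { version: "0.9.1" },
  },
};
console.log(findNodeForge(sampleLock).filter((h) => h.vulnerable));
```

To run it against a real project, replace sampleLock with the result of parsing that project's package-lock.json.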


Advisory timeline

  1. published

    Advisory Published
    Sep 30th, 2020
  2. reported

    Reported by Unknown
    Sep 30th, 2020