Severity: high

Prototype Pollution in node-forge



The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.


Upgrade to version 0.10.0 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Sep 30th, 2020
  2. reported

    Reported by Unknown
    Sep 30th, 2020