Description
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Remediation
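One way to check whether a project still resolves a node-forge release older than 0.10.0 is to walk its parsed `package-lock.json`. This is an added example, not code from the advisory or from the node-forge project; the function names and the two sample lockfiles (including the dependency names in them) are constructed for illustration.

```javascript
// Added example: flag node-forge entries below 0.10.0 in a parsed package-lock.json.
const FIXED = [0, 10, 0]; // per the advisory, 0.10.0 removes the vulnerable functions

// Split "x.y.z[-pre]" into numeric parts plus an optional pre-release tag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // git URL, link or missing version: report for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // semver orders 0.10.0-x before 0.10.0
}

// Handles lockfileVersion 2/3 ("packages" keyed by path) and 1 (nested "dependencies").
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/node-forge") && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "node-forge" && isAffected(meta.version)) {
        hits.push({ path: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here); // nested copies pinned by a parent package
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/node-forge": { version: "0.10.0" },
  "node_modules/example-tls-helper/node_modules/node-forge": { version: "0.9.1" } } };
const sampleV1 = { lockfileVersion: 1, dependencies: { "example-app-dep": { version: "2.0.0",
  dependencies: { "example-tls-helper": { version: "1.4.0",
    dependencies: { "node-forge": { version: "0.9.0" } } } } } } };

console.log(findAffected(sampleV3), findAffected(sampleV1));
```

Because 0.10.0 is a breaking release, a hit on a nested copy usually means the parent package has to be upgraded as well, not only the top-level node-forge entry.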
References
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
Related Vulnerabilities
CVE-2018-6333 Vulnerability in npm package nuclide
CVE-2019-11819 Vulnerability in maven package org.opencms:org.opencms.workplace.tools.accounts
CVE-2023-0410 Vulnerability in npm package @builder.io/qwik
CVE-2019-10782 Vulnerability in maven package com.puppycrawl.tools:checkstyle
CVE-2023-46651 Vulnerability in maven package io.jenkins.plugins:warnings-ng