logo

Database

Server-side request forgery (SSRF) In node-forge

Description

Open Redirect in node-forge parseUrl functionality in node-forge mishandles certain uses of backslash such as https:/\/\/\ and interprets the URI as a relative path.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-01222. NVD-2022-01223. OSV-2022-01224. GCVE-2022-0122

References

1. https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e2. https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.