Forge (also called node-forge
) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in node-forge
version 1.3.0. There are currently no known workarounds.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Forge | Digitalbazaar | * | 1.3.0 (excluding) |
Node-node-forge | Ubuntu | impish | * |
Node-node-forge | Ubuntu | kinetic | * |
Node-node-forge | Ubuntu | trusty | * |
Node-node-forge | Ubuntu | xenial | * |
OpenShift Service Mesh 2.1 | RedHat | openshift-service-mesh/kiali-rhel8:1.36.9-1 | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | acm-grafana-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | acm-must-gather-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | acm-operator-bundle-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | application-ui-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | assisted-image-service-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cert-policy-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cluster-backup-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | clusterclaims-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cluster-curator-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | clusterlifecycle-state-metrics-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | cluster-proxy-addon-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | config-policy-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | console-api-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | console-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | discovery-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | endpoint-monitoring-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-propagator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-spec-sync-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-status-sync-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | governance-policy-template-sync-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | grafana-dashboard-loader-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | grc-ui-api-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | grc-ui-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | iam-policy-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | insights-client-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | insights-metrics-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | klusterlet-addon-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | klusterlet-addon-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | kube-rbac-proxy-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | kube-state-metrics-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | managedcluster-import-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | management-ingress-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | memcached-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | memcached-exporter-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | metrics-collector-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicloud-integrations-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicloud-manager-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multiclusterhub-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multiclusterhub-repo-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-observability-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-application-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-channel-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-deployable-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-placementrule-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-subscription-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | multicluster-operators-subscription-release-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | node-exporter-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | observatorium-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | observatorium-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | openshift-hive-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | placement-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | prometheus-alertmanager-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | prometheus-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | provider-credential-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rbac-query-proxy-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | redisgraph-tls-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | registration-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | registration-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rhacm-agent-service-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rhacm-assisted-installer-agent-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rhacm-assisted-installer-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | rhacm-assisted-installer-reporter-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-aggregator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-api-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-collector-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-operator-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | search-ui-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | submariner-addon-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | thanos-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | thanos-receive-controller-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | volsync-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | volsync-mover-rclone-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | volsync-mover-restic-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | volsync-mover-rsync-container | * |
Red Hat Advanced Cluster Management for Kubernetes 2 | RedHat | work-container | * |
Red Hat OpenShift Data Foundation 4.11 on RHEL8 | RedHat | odf4/mcg-core-rhel8:v4.11.0-30 | * |
Red Hat OpenShift Data Foundation 4.11 on RHEL8 | RedHat | odf4/odf-console-rhel8:v4.11.0-51 | * |
RHINT Service Registry 2.3.0 GA | RedHat | node-forge | * |
RHPAM 7.13.1 async | RedHat | node-forge | * |