node-jose icon indicating copy to clipboard operation
node-jose copied to clipboard
verified publisher icon cisco

Whitesource scanning shows High Severity Vulnerability (CVE-2022-24771) for node-forge-1.2.1 library

Open chayanray opened this issue 3 years ago • 1 comments

node-forge-1.2.1.tgz JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.

Library home page: https://registry.npmjs.org/node-forge/-/node-forge-1.2.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

(Root Library) node-jose-2.1.0.tgz ❌ node-forge-1.2.1.tgz (Vulnerable Library)

Request to upgrade to latest version of node-forge.

chayanray avatar Jul 12 '22 07:07 chayanray

Lib still uses node-forge 1.2.1 as dependency in package.json

chayanray avatar Jul 15 '22 06:07 chayanray