CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-46234 – browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
https://notcve.org/view.php?id=CVE-2023-46234
26 Oct 2023 — browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in vers... • https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-37623
https://notcve.org/view.php?id=CVE-2022-37623
31 Oct 2022 — Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. Vulnerabilidad de contaminación del prototipo en la función resolveShims en resolve-shims.js en thlorenz browserify-shim 3.8.15 a través de la variable shimPath en resolve-shims.js. • https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37621
https://notcve.org/view.php?id=CVE-2022-37621
28 Oct 2022 — Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js. Vulnerabilidad de contaminación del prototipo en la función resolveShims en resolve-shims.js en thlorenz browserify-shim 3.8.15 a través de la variable fullPath en resolve-shims.js. • https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L158 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-37617
https://notcve.org/view.php?id=CVE-2022-37617
11 Oct 2022 — Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. Una vulnerabilidad de contaminación de prototipos en la función resolveShims en el archivo resolve-shims.js en thlorenz browserify-shim versión 3.8.15 por medio de la variable k en resolve-shims.js • https://github.com/thlorenz/browserify-shim/blob/464b32bbe142664cd9796059798f6c738ea3de8f/lib/resolve-shims.js#L130 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14730
https://notcve.org/view.php?id=CVE-2018-14730
21 Sep 2018 — An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/ connection from any origin. Se ha descubierto un problema en Browserify-HMLR. Los atacantes pueden robar el código del desarrollado porque el origen de las peticiones no es comprobado por el servidor WebSocket, uti... • https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •