Control: tags -1 + confirmed

On Wed, 2022-03-23 at 11:29 +0100, Yadd wrote:
> node-node-forge signature verification code is lenient in checking the digest
> algorithm structure. This can allow a crafted structure that steals padding
> bytes and uses unchecked portion of the PKCS#1 encoded message to forge a
> signature when a low public exponent is being used. The issue has been
> addressed in `node-forge` version 1.3.0.
>

Please go ahead; sorry for the delay.

Regards,

Adam
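
The kind of leniency described in the quoted text, shown as an added example that is not part of the original message and is not node-forge's code: a verifier that parses the PKCS#1 v1.5 encoded message loosely, beside one that rebuilds the single valid encoding and compares it byte for byte. The function names, the 256-byte key size and the sample digest are assumptions made for illustration; only the encoded message is examined, no RSA operation is performed.

```javascript
// DER DigestInfo prefix for SHA-256 with NULL parameters (RFC 8017, section 9.2).
const SHA256_PREFIX = Buffer.from('3031300d060960864801650304020105000420', 'hex');

// The only valid encoding for a digest and modulus length k:
// 00 01 || FF..FF (at least 8 bytes) || 00 || DigestInfo
function encodeEM(digest, k) {
  const t = Buffer.concat([SHA256_PREFIX, digest]);
  const psLen = k - t.length - 3;
  if (psLen < 8) throw new Error('modulus too short for this digest');
  return Buffer.concat([
    Buffer.from([0x00, 0x01]), Buffer.alloc(psLen, 0xff), Buffer.from([0x00]), t,
  ]);
}

// Strict check: re-encode and compare the whole block, so padding length,
// DigestInfo structure and the absence of trailing bytes are all enforced.
function strictCheck(em, digest, k) {
  return em.length === k && em.equals(encodeEM(digest, k));
}

// Lenient check (hypothetical, illustrates the bug class): accepts any
// padding length and never looks at bytes that follow the digest.
function lenientCheck(em, digest) {
  if (em[0] !== 0x00 || em[1] !== 0x01) return false;
  let i = 2;
  while (i < em.length && em[i] === 0xff) i++;
  if (em[i++] !== 0x00) return false;
  const t = Buffer.concat([SHA256_PREFIX, digest]);
  return em.subarray(i, i + t.length).equals(t);
}

// Constructed malformed block: one padding byte, then DigestInfo, then
// filler bytes in the region a lenient parser leaves unchecked.
function malformedEM(digest, k) {
  const head = Buffer.concat([Buffer.from([0x00, 0x01, 0xff, 0x00]), SHA256_PREFIX, digest]);
  return Buffer.concat([head, Buffer.alloc(k - head.length, 0x00)]);
}

const K = 256;                             // assumed 2048-bit modulus
const DIGEST = Buffer.alloc(32, 0xab);     // constructed 32-byte sample digest
const good = encodeEM(DIGEST, K);
const bad = malformedEM(DIGEST, K);

console.log('well-formed:', strictCheck(good, DIGEST, K), lenientCheck(good, DIGEST));
console.log('malformed:  ', strictCheck(bad, DIGEST, K), lenientCheck(bad, DIGEST));
```
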