CVE-2025-9287

Опубликовано: 20 авг. 2025

Источник: debian

EPSS Низкий

Описание

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

Пакет	Статус	Версия исправления	Релиз	Тип
node-cipher-base	fixed	1.0.6-1		package

https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
https://github.com/browserify/cipher-base/pull/23
Fixed by: https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294 (v1.0.5)

EPSS

Процентиль: 32%

0.00119

Низкий

CVE-2025-9287

CVSS3: 9.1

ubuntu

28 дней назад

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

CVE-2025-9287

CVSS3: 7.5

redhat

28 дней назад

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

CVE-2025-9287

CVSS3: 9.1

nvd

28 дней назад

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

GHSA-cpq7-6gpm-g9rc

CVSS3: 9.1

github

27 дней назад

cipher-base is missing type checks, leading to hash rewind and passing on crafted data

BDU:2025-10188

CVSS3: 9

fstec

28 дней назад

Уязвимость пакета cipher-base программной платформы Node.js, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 32%

0.00119

Низкий