CVE-2025-9288

Опубликовано: 20 авг. 2025

Источник: debian

EPSS Низкий

Описание

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

Пакет	Статус	Версия исправления	Релиз	Тип
node-sha.js	fixed	2.4.12+~3.0.5-1		package

https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
https://github.com/browserify/sha.js/pull/78
Fixed by: https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5 (v2.4.12)

EPSS

Процентиль: 14%

0.00046

Низкий

CVE-2025-9288

CVSS3: 9.1

ubuntu

2 месяца назад

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

CVE-2025-9288

CVSS3: 7.7

redhat

2 месяца назад

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

CVE-2025-9288

CVSS3: 9.1

nvd

2 месяца назад

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

CVE-2025-9288

msrc

2 месяца назад

Missing type checks leading to hash rewind and passing on crafted data

GHSA-95m3-7q98-8xr5

CVSS3: 9.1

github

2 месяца назад

sha.js is missing type checks leading to hash rewind and passing on crafted data

EPSS

Процентиль: 14%

0.00046

Низкий