CVE-2025-9288

Опубликовано: 20 авг. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

Ссылки

https://github.com/browserify/sha.js/pull/78
Issue Tracking
Patch
https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
Exploit
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-9287
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/09/msg00016.html
https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:browserify:sha.js:*:*:*:*:*:node.js:*:*

Версия до 2.4.11 (включая)

EPSS

Процентиль: 16%

0.0005

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2025-9288

CVSS3: 9.1

ubuntu

4 месяца назад

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

CVE-2025-9288

CVSS3: 7.7

redhat

4 месяца назад

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

CVE-2025-9288

msrc

4 месяца назад

Missing type checks leading to hash rewind and passing on crafted data

CVE-2025-9288

CVSS3: 9.1

debian

4 месяца назад

Improper Input Validation vulnerability in sha.js allows Input Data Ma ...

GHSA-95m3-7q98-8xr5

CVSS3: 9.1

github

4 месяца назад

sha.js is missing type checks leading to hash rewind and passing on crafted data

EPSS

Процентиль: 16%

0.0005

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo