Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
- Severity: High
Description
A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library).
Recommendation
Update the node-forge package to the latest compatible version. Version details:
- Affected version(s): < 1.4.0
- Patched version(s): 1.4.0
Related Issues
- Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - CVE-2026-34043
- Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution - CVE-2026-30939
- Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery - CVE-2026-30925
- jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - CVE-2026-24001
- Tags: npm, node-forge
Last updated on March 27, 2026