Unknown · Node-Forge · CVE-2022-24773
**Name of the Vulnerable Software and Affected Versions**
node-forge versions prior to 1.3.0
**Description**
The RSA PKCS#1 v1.5 signature verification code in node-forge does not properly check that `DigestInfo` has a valid ASN.1 structure. As a result, verification can succeed for signatures whose `DigestInfo` contains invalid structures but a valid digest.
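The difference between checking only the digest and checking the whole `DigestInfo` encoding can be shown with a short added example. It is not node-forge's code and not part of the original advisory. It assumes SHA-256, takes `digestInfo` to be the bytes left after the RSA public-key operation and padding removal, and uses hypothetical function names and constructed sample bytes.

```javascript
// DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2, note 1):
// SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING (32 bytes) }
const SHA256_PREFIX = Uint8Array.from([
  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
  0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
]);

function concat(a, b) {
  const out = new Uint8Array(a.length + b.length);
  out.set(a);
  out.set(b, a.length);
  return out;
}

// Length check first, then compare without an early exit on mismatch.
function equalBytes(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Hypothetical lenient check: skips the first element of the outer SEQUENCE
// without inspecting it and compares only the OCTET STRING contents.
function lenientCheck(digestInfo, expectedDigest) {
  if (digestInfo[0] !== 0x30) return false;
  let pos = 2; // past the outer tag and short-form length
  pos += 2 + digestInfo[pos + 1]; // past AlgorithmIdentifier, contents unchecked
  if (digestInfo[pos] !== 0x04) return false;
  const len = digestInfo[pos + 1];
  return equalBytes(digestInfo.subarray(pos + 2, pos + 2 + len), expectedDigest);
}

// Strict check: build the one valid encoding and require a byte-for-byte match.
function strictCheck(digestInfo, expectedDigest) {
  if (expectedDigest.length !== 32) return false;
  return equalBytes(digestInfo, concat(SHA256_PREFIX, expectedDigest));
}

// Constructed sample data: a placeholder digest, not a real SHA-256 value.
const sampleDigest = new Uint8Array(32).fill(0xab);
const wellFormed = concat(SHA256_PREFIX, sampleDigest);
// Same digest, but the NULL parameters tag (0x05) is replaced by 0x04.
const malformed = Uint8Array.from(wellFormed);
malformed[15] = 0x04;

console.log("lenient:", lenientCheck(wellFormed, sampleDigest), lenientCheck(malformed, sampleDigest));
console.log("strict: ", strictCheck(wellFormed, sampleDigest), strictCheck(malformed, sampleDigest));
```

The lenient check accepts both inputs because the digest bytes match, while the strict check accepts only the well-formed encoding.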
**Recommendations**
For node-forge versions prior to 1.3.0, update to version 1.3.0 to address the issue.
As a temporary workaround, consider restricting the use of the RSA PKCS#1 v1.5 signature verification code until a patch is applied.