hash vulnerability

A critical vulnerability in the widely used npm package sha.js lets attackers supply unexpected input types that rewind or corrupt the internal hash state, produce identical digests for distinct inputs, and trigger denial-of-service conditions — a flaw tracked as CVE‑2025‑9288 and patched in...