Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.
Workaround
The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-01-22T05:00:02.087Z
Updated: 2024-08-01T22:20:40.779Z
Reserved: 2023-12-22T12:33:20.117Z
Link: CVE-2024-21484
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-22T05:15:08.720
Modified: 2024-03-06T14:15:47.533
Link: CVE-2024-21484
Redhat