Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2021/04/19 2:57 p.m.6 views

@dci-lint/cmd-api-server (>=0.3.0 <=0.4.0), @dci-lint/test-api-client (>=0.3.0 <=0.4.0) +29 more potentially affected by CVE-2021-29443 via jose (>=1.18.1 <=1.28.0)

jose NPM version =1.18.1, =0.3.0, =0.3.0, =0.3.0, =0.10.0-unstable.2b529f0, =2.0.0, =0.1.1-alpha.289, =0.4.0, =0.1.1-alpha.289, =0.5.0, =0.5.0, =0.5.0, =0.4.0, =0.1.1-alpha.289, =0.1.1-alpha.289, =0.1.1-alpha.289, =0.5.0-alpha.0 and more Source cves: CVE-2021-29443 Source advisory:...

5.9CVSS6.2AI score0.01167EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/19 2:57 p.m.12 views

@decentralized-identity/ion-sdk (>=0.1.0 <=0.4.1), @tadashi/jwt (=6.0.0) +19 more potentially affected by CVE-2021-29443 via jose (>=2.0.1 <=2.0.3)

jose NPM version =2.0.1, =0.1.0, =3.0.4, =3.0.4, =3.0.5, =3.0.4, =3.0.5, =3.0.4, =3.0.6, =3.0.3, =3.0.5, =3.1.0, =2.3.2, =0.1.0, =0.1.3 and more Source cves: CVE-2021-29443 Source advisory: OSV:GHSA-58F5-HFQC-JGCH...

5.9CVSS6.2AI score0.01167EPSS
Exploits0
NVD
NVD
added 2021/04/16 6:15 p.m.62 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS0.01167EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/16 5:35 p.m.72 views

CVE-2021-29443 Padding Oracle Attack due to Observable Timing Discrepancy in jose

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS5.9AI score0.01167EPSS
Exploits0References2
CVE
CVE
added 2021/04/16 5:35 p.m.96 views

CVE-2021-29443

CVE-2021-29443 affects the jose npm library. Vulnerable versions of the library perform HMAC tag verification after attempting CBC decryption, creating a possible padding oracle through observable timing differences during decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS5...

5.9CVSS5.6AI score0.01167EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder