CVE-2021-29444

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

@netceterapx/click-to-pay-embedded-sdk (>=0.0.1 <=1.0.5), postman-helper (>=1.0.0 <=1.0.2) potentially affected by CVE-2022-36083 via jose-browser-runtime (>=4.15.5 <=4.1.2)

jose-browser-runtime NPM version =4.15.5, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

@teachbase/utils (=1.0.1) potentially affected by CVE-2022-36083 via jose-browser-runtime (=3.16.1)

jose-browser-runtime NPM version =3.16.1 is affected by a known vulnerability. The following packages have a transitive dependency on jose-browser-runtime and may be impacted: - @teachbase/utils =1.0.1 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

CVE-2021-29444

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVE-2021-29444

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

Design/Logic Flaw

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVE-2021-29444 Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVE-2021-29444

CVE-2021-29444 affects the npm package jose-browser-runtime. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 decryption flow would execute both HMAC verification and CBC decryption even if one failed, enabling a potential padding oracle due to observable timing differences during padding error...

jose-browser-runtime 安全漏洞

npm jose-browser-runtime is an application from the US company npm. Generic " JSON Web almost everything " - JWA, JWS, JWE, JWT, JWK using native encryption runtime without dependencies. A security vulnerability exists in jose-browser-runtime, which stems from the possibility of a noticeable time...

PT-2021-18219 · Unknown · Jose-Browser-Runtime

Name of the Vulnerable Software and Affected Versions: jose-browser-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in jose-browser-runtime has a padding oracle vulnerability. This occurs because a possibly observable difference in timing when a padding...