CVE-2021-29445

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVE-2021-29445

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

CVE-2021-29445

CVE-2021-29445 affects the npm package jose-node-esm-runtime. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 decryption flow would perform HMAC verification and CBC decryption even if one step failed, creating a potential padding oracle due to a timing difference during padding errors. An adv...

CVE-2021-29445 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

jose-node-esm-runtime 安全漏洞

npm jose-node-esm-runtime is an application from npm, Inc. json web almost everything uses the Node.jscrypto module for JWA, JWS, JWE, JWT, JWK with no dependencies. jose-node-esm-runtime is a security vulnerability in jose-node-esm-runtime prior to version 3.11.4 that arises from a significant...