Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
Jose-node-cjs-runtime ProjectJose-node-cjs-runtime

3 matches found

CVE
CVEadded 2021/04/16 10:0 p.m.93 views

CVE-2021-29446

CVE-2021-29446 affects the npm package jose-node-cjs-runtime. In versions before 3.11.4, decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) could leak timing information because HMAC verification and CBC decryption might run in sequence even on a failed path, creating a...

5.9CVSS5.7AI score0.01238EPSS
CVE
CVEadded 2021/04/16 9:45 p.m.92 views

CVE-2021-29444

CVE-2021-29444 affects the npm package jose-browser-runtime. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 decryption flow would execute both HMAC verification and CBC decryption even if one failed, enabling a potential padding oracle due to observable timing differences during padding error...

5.9CVSS5.7AI score0.01238EPSS
CVE
CVEadded 2021/04/16 9:50 p.m.91 views

CVE-2021-29445

CVE-2021-29445 affects the npm package jose-node-esm-runtime. In versions prior to 3.11.4, the AES_CBC_HMAC_SHA2 decryption flow would perform HMAC verification and CBC decryption even if one step failed, creating a potential padding oracle due to a timing difference during padding errors. An adv...

5.9CVSS5.7AI score0.01238EPSS