Lucene search
Veracode Vulnerability DatabaseVERACODE:30019HistoryApr 19, 2021 - 12:42 a.m.
Padding Oracle Attack
2021-04-1900:42:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.001 Low
EPSS
Percentile
51.2%
jose-node-cjs-runtime is vulnerable to padding oracle attack. The vulnerability exists as decryption did not fail as soon as hmac verification fails, allowing timing information to be measured by running the CBC decryption with various padding length.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jose-node-cjs-runtime | le | 3.11.3 |
Related
cve
cve
CVE-2021-29446
2021-04-16 22:15:14
github
github
osv
osv
CVE-2021-29446
2021-04-16 22:15:14
prion
prion
Design/Logic Flaw
2021-04-16 22:15:00
nvd
nvd
CVE-2021-29446
2021-04-16 22:15:14
cvelist
cvelist
