jose-browser-runtime and jose-node-esm-runtime are vulnerable to padding oracle attack. The vulnerability exists as decryption did not fail as soon as hmac
verification fails, allowing timing information to be measured by running the CBC decryption with various padding length.