CVE-2024-21484 Information

Jan 25, 2024 cve

Description

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

Reference

https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734 https://github.com/kjur/jsrsasign/issues/598 https://github.com/kjur/jsrsasign/releases/tag/11.0.0

Share on: