{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jose-node-cjs-runtime_project:jose-node-cjs-runtime:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "03D23205-6974-4025-A286-1F56B7EE9620", "versionEndExcluding": "3.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`."}, {"lang": "es", "value": "jose-node-esm-runtime es un paquete npm que proporciona una serie de funciones criptogr\u00e1ficas. En versiones anteriores a 3.11.4, el algoritmo de descifrado AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) siempre ejecutaba tanto la comprobaci\u00f3n de etiquetas HMAC como el descifrado CBC, si comet\u00eda un fallo \"JWEDecryptionFailed\" ser\u00eda lanzado. Pero una posible diferencia observable en el tiempo cuando se producir\u00eda un error de relleno al descifrar el texto cifrado crea un padding oracle y un adversario podr\u00eda ser capaz de hacer uso de ese oracle para descifrar datos sin conocer la clave de descifrado emitiendo un promedio de 128*b llamadas al padding oracle (donde b es el n\u00famero de bytes en el bloque de texto cifrado). Se lanz\u00f3 un parche que garantiza que la etiqueta HMAC se verifique antes de llevar a cabo el descifrado CBC. Las versiones corregidas son \"superiores o iguales a 3.11.4\". Los usuarios deben actualizar a \"^ 3.11.4\""}], "id": "CVE-2021-29445", "lastModified": "2024-11-21T06:01:06.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-16T22:15:14.060", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/panva/jose/security/advisories/GHSA-4v4g-726h-xvfv"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://www.npmjs.com/package/jose-node-esm-runtime"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/panva/jose/security/advisories/GHSA-4v4g-726h-xvfv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://www.npmjs.com/package/jose-node-esm-runtime"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "security-advisories@github.com", "type": "Secondary"}]}