GCVE - cpe:2.3:a:n/a:org.webjars.bowergithub.kjur:jsrsasign:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:org.webjars.bowergithub.kjur:jsrsasign:*:*:*:*:*:*:*:*

part: a version: jsrsasign update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Org.Webjars.Bowergithub.Kjur (`9591a182-b16d-5c9e-91db-9cfafbe77bb5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-21484`	vulnerable	2026-06-08 06:27:35.408204	Details available HIGH (7.5) Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library. Published: 2024-01-22T05:00:02.087Z Updated: 2024-10-21T10:56:23.141Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734 https://github.com/kjur/jsrsasign/issues/598	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.