PT-2021-18219 · Unknown · Jose-Browser-Runtime

Morgan Brown · Published 2021-04-16 · Updated 2023-03-21

CVE-2021-29444

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: jose-browser-runtime versions prior to 3.11.4
Description: The AES CBC HMAC SHA2 Algorithm decryption in jose-browser-runtime has a padding oracle vulnerability. This occurs because a possibly observable difference in timing when a padding error happens while decrypting the ciphertext can be used by an adversary to decrypt data without knowing the decryption key. The adversary can make use of this oracle by issuing on average 128*b calls to the padding oracle, where b is the number of bytes in the ciphertext block.
Recommendations: For versions prior to 3.11.4, upgrade to version 3.11.4 or later. Specifically, users should upgrade to ^3.11.4 to ensure the HMAC tag is verified before performing CBC decryption, thus mitigating the vulnerability.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers: CVE-2021-29444, GHSA-94HH-PJJG-RWMR

Affected Products: Jose-Browser-Runtime