PT-2021-18220 · Unknown · Jose-Node-Esm-Runtime

Morgan Brown

·

Published

2021-04-16

·

Updated

2023-03-21

·

CVE-2021-29445

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: jose-node-esm-runtime versions prior to 3.11.4
Description: AES_CBC_HMAC_SHA2 decryption in the jose-node-esm-runtime package performs CBC decryption and HMAC tag verification as two independent steps, so a ciphertext with invalid PKCS#7 padding fails on a different, possibly observably faster path than a ciphertext whose padding is valid but whose HMAC tag is wrong. That timing difference is a padding oracle: an adversary who can submit chosen ciphertexts and observe the response time can potentially decrypt data without knowing the decryption key, using on average 128*b calls to the oracle per block, where b is the number of bytes in a cipher block (16 for AES, so roughly 2048 calls per block).
Recommendations: For versions prior to 3.11.4, upgrade to version 3.11.4 or later, which verifies the HMAC tag before performing CBC decryption and rejects the ciphertext on a tag mismatch, so the padding check is never reached for forged input and the oracle disappears.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2021-29445
GHSA-4V4G-726H-XVFV

Affected Products

Jose-Node-Esm-Runtime