PT-2023-8446 · Jsrsasign · Jsrsasign
Hubert Kario · Published 2023-11-21 · Updated 2024-03-06 · CVE-2024-21484
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions
jsrsasign versions prior to 11.0.0
Description
The jsrsasign package has an Observable Discrepancy in its RSA PKCS1.5 or RSAOAEP decryption process. An attacker can exploit this flaw, also known as the Marvin security flaw, to decrypt ciphertexts. Exploitation requires the attacker to have access to a large number of ciphertexts encrypted with the same key. The vulnerability can be used to perform a Bleichenbacher or Marvin attack.
Recommendations
For jsrsasign versions prior to 11.0.0, update to jsrsasign 11.0.0 to resolve the issue.
As a temporary workaround, consider finding and replacing RSA and RSAOAEP decryption with another crypto library until the update is applied.
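To find which installs fall in the affected range, the following added example (not part of the advisory or of jsrsasign) checks a parsed package-lock.json object for copies of jsrsasign below 11.0.0, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag jsrsasign installs below 11.0.0 in an npm lockfile object.
const PKG = "jsrsasign";
const FIXED = [11, 0, 0]; // first fixed release named in the advisory

// True when `version` sorts before 11.0.0. Anything unparseable is reported
// as affected so it gets a manual look instead of silently passing.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release of 11.0.0 sorts before 11.0.0
}

// Returns [{ path, version }] for every affected copy, including nested ones.
function findAffected(lock) {
  const hits = [];
  const add = (path, version) => {
    if (isAffected(version) && !hits.some((h) => h.path === path)) {
      hits.push({ path, version });
    }
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      add(path, info.version);
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PKG) add(path, info.version);
      walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from the advisory).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/jsrsasign": { version: "11.0.0" },
    "node_modules/legacy-sso/node_modules/jsrsasign": { version: "10.8.6" },
    "node_modules/jsrsasign-util": { version: "1.0.5" },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

Pass it the result of JSON.parse on a real package-lock.json; a nested hit means a transitive dependency pins an old copy even when the top-level package is already updated.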
Side Channel Attack
Affected Products
Jsrsasign