CVE-2021-29446MEDIUMCVSS 5.9fixed in 3.11.42021-04-16
CVE-2021-29446 [MEDIUM] CWE-203 CVE-2021-29446: jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versi
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly obs
cvelistv5nvd