CVE-2021-29445MEDIUMCVSS 5.9fixed in 3.11.42021-04-16
CVE-2021-29445 [MEDIUM] CWE-203 CVE-2021-29445: jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versi
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly obs
cvelistv5ghsanvdosv