Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.
Workaround: The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
Vulnerability Type
Information exposure through discrepancy
Vulnerability Title
jsrsasign security vulnerability
Vulnerability Description
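The jsrsasign package is an open-source cryptography library developed by Kenji Urushima, an individual developer from Japan. Versions of jsrsasign before 11.0.0 contain a security vulnerability that stems from the RSA PKCS1.5 or RSAOAEP decryption process being susceptible to Observable Discrepancy. An attacker can exploit this vulnerability to decrypt ciphertexts.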
CVSS Information
N/A
Vulnerability Type
N/A