CVE-2023-46809

CVSS v3.1 7.4 (High)

EPSS 0.04 % (10^th)

Advisories 21

NVD Status Awaiting Analysis

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.

Weaknesses

CWE-385: Covert Timing Channel

CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: HackerOne
Published Date: 2024-09-07 16:15:02
(11 days ago)
Updated Date: 2024-09-09 18:35:01
(9 days ago)