CVE-2023-46809
CVSS v3.1
7.4 (High)
EPSS
0.04 % (10th)
Advisories
21
NVD Status
Awaiting Analysis
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
Weaknesses
- CWE-385
- Covert Timing Channel
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- HackerOne
- Published Date
-
2024-09-07 16:15:02
(11 days ago) - Updated Date
-
2024-09-09 18:35:01
(9 days ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...