Ciphertexts encrypted with RSA PKCS#1 v1.5 or RSAOAEP may be decrypted by an attacker through this Marvin attack vulnerability.
Update to jsrsasign 11.0.0.
Find RSA and RSAOAEP decryption in your code and replace it with another crypto library.
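
As an added example (not code from jsrsasign or from this advisory), the following Node.js helper supports the "find" half of the workaround: it flags installed versions below 11.0.0 and lists candidate decryption call sites for manual review. The call shapes it searches for (`KJUR.crypto.Cipher.decrypt`, `.decrypt(`, `.decryptOAEP(`) are assumptions about how the library is used in your code base, and the sample source is constructed.

```javascript
// Added example: triage helper for the jsrsasign Marvin advisory.
const FIXED = [11, 0, 0]; // fixed release named in the advisory

// True when a plain "x.y.z" version string is lower than 11.0.0.
function isAffectedVersion(version) {
  const parts = version.split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false; // exactly 11.0.0
}

// Assumed call shapes; the generic ".decrypt(" entry is deliberately broad,
// so every hit still needs a human to confirm it is an RSA decryption.
const CALL_PATTERNS = [
  { name: "KJUR.crypto.Cipher.decrypt", re: /KJUR\.crypto\.Cipher\.decrypt\s*\(/ },
  { name: "decryptOAEP", re: /\.decryptOAEP\s*\(/ },
  { name: "decrypt", re: /\.decrypt\s*\(/ },
];

// Returns one record per source line that contains a candidate call.
function findDecryptCalls(source) {
  const hits = [];
  source.split("\n").forEach((text, idx) => {
    const match = CALL_PATTERNS.find((p) => p.re.test(text));
    if (match) hits.push({ line: idx + 1, call: match.name, text: text.trim() });
  });
  return hits;
}

// Constructed sample input, not taken from any real project.
const SAMPLE = [
  'const rs = require("jsrsasign");',
  "const key = rs.KEYUTIL.getKey(pem);",
  'const a = rs.KJUR.crypto.Cipher.decrypt(hex, key, "RSAOAEP");',
  "const b = key.decrypt(hex);",
  'const c = rs.KJUR.crypto.Cipher.encrypt(msg, pub, "RSA");',
].join("\n");

console.log("10.9.0 affected:", isAffectedVersion("10.9.0"));
console.log(findDecryptCalls(SAMPLE));
```
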
https://people.redhat.com/~hkario/marvin/
https://github.com/kjur/jsrsasign/issues/598
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484
{ "github_reviewed_at": "2024-01-19T15:06:07Z", "github_reviewed": true, "nvd_published_at": "2024-01-22T05:15:08Z", "cwe_ids": [ "CWE-203" ], "severity": "HIGH" }