漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
jsrsasign 安全漏洞
Vulnerability Description
jsrsasign package是日本浦岛贤治个人开发者的一款开源的加密库。 jsrsasign 11.0.0之前版本存在安全漏洞,该漏洞源于RSA PKCS1.5或RSAOAEP解密过程中容易受到Observable Discrepancy影响,攻击者利用该漏洞可以解密密文。
CVSS Information
N/A
Vulnerability Type
N/A