Rewterz Threat Advisory – CVE-2021-21981 – VMware NSX-T Vulnerability
April 19, 2021Rewterz Threat Advisory – Multiple Mozilla Firefox spoofing
April 20, 2021Rewterz Threat Advisory – CVE-2021-21981 – VMware NSX-T Vulnerability
April 19, 2021Rewterz Threat Advisory – Multiple Mozilla Firefox spoofing
April 20, 2021Severity
Medium
Analysis Summary
CVE-2021-29443
The Node.js jose module allows access to sensitive information caused by a padding error while decrypting the ciphertext. The remote attacker can utilize the padding oracle attack techniques to exploit this vulnerability and obtain sensitive information. The collected information can be used to launch further attacks against the infected system.
Impact
Information Breach
Affected Products
- Node.js jose 1.28
- Node.js jose 2.0
- Node.js jose 3.11
Remediation
Upgrade to the latest version of jose (1.28.1, 2.0.5, 3.11.4, or later), available from the jose GIT Repository at https://github.com/panva/jose/security/advisories/GHSA-58f5-hfqc-jgch