| Summary | Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key. |
|---|---|
| Publication Date | Sept. 8, 2024, 1:15 a.m. |
| Registration Date | Sept. 8, 2024, 5 a.m. |
| Last Update | Sept. 9, 2024, 10:03 p.m. |