Risk Scores
CVSS v3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 0, 19.0.0, 21.0.0 |
Timeline
- Sep 11, 2024 CVE Published
- Nov 6, 2025 CVE Updated
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 0, 19.0.0, 21.0.0 |