VDB

CVE-2023-46809

CVE-2023-46809 PUBLISHED

Node.js versions which bundle an unpatched version of OpenSSL, or which run against a dynamically linked version of OpenSSL that is unpatched, are vulnerable to the Marvin Attack (https://people.redhat.com/~hkario/marvin/) if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a private key.

EPSS 1.24% · 79.6th percentile


Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 0, 19.0.0, 21.0.0 |
| Bitnami | node-min | 19.0.0, 0, 0 |
| Bitnami | node | 0, 19.0.0, 21.0.0 |
| Bitnami | node-min | 0, 19.0.0, 21.0.0 |

Timeline

  • CVE Published
  • Feb 15, 2024 PoC Published
  • Sep 8, 2024 EPSS Score
  • Sep 28, 2024 EPSS Score
  • Oct 18, 2024 EPSS Score
  • Nov 7, 2024 EPSS Score
  • Nov 27, 2024 EPSS Score
  • Dec 18, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
  • Jan 27, 2025 EPSS Score
  • Feb 15, 2025 EPSS Score
  • Mar 7, 2025 EPSS Score