CVE-2024-21484 — Vulnetix

CVE-2024-21484 PUBLISHED CVSS 7.5 HIGH

Marvin Attack of RSA and RSAOAEP decryption in jsrsasign

EPSS 0.24% · 47.3th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P

EPSS Score

0.24%

47.3th percentile

Affected Products

Vendor	Product	Versions
n/a	org.webjars.bower:jsrsasign	0, 0
jsrsasign_project	jsrsasign	0, 0, 0
n/a	org.webjars.npm:jsrsasign	0, 0
n/a	jsrsasign	0, 0
npm	jsrsasign	0, 0, 0
n/a	org.webjars.bowergithub.kjur:jsrsasign	0, 0

Exploit Intelligence

CIRCL seen: CVE-2024-21484 (circl-sighting)
CIRCL seen: CVE-2024-21484 (circl-sighting)
CIRCL seen: CVE-2024-21484 (circl-sighting)
https://github.com/kjur/jsrsasign/issues/598 (nist-nvd)
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731 (circl)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732 (circl)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733 (circl)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734 (circl)
https://github.com/kjur/jsrsasign/releases/tag/11.0.0 (circl)
https://people.redhat.com/~hkario/marvin/ (circl)

Timeline

Jan 19, 2024 CVE Published
Jan 22, 2024 PoC Published
Jan 22, 2024 PoC Published
Jan 24, 2024 EPSS Score
Feb 16, 2024 PoC Published
Feb 21, 2024 EPSS Score
Mar 20, 2024 EPSS Score
Apr 16, 2024 EPSS Score
May 14, 2024 EPSS Score
Jun 11, 2024 EPSS Score
Jul 9, 2024 EPSS Score
Aug 6, 2024 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›