Security Advisory

CVE-2023-46809

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-07 16:03:32

Last updated 2025-11-04 18:18:49

Assigner hackerone

State PUBLISHED

Description

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.

← Browse all CVEs View on cve.org ↗