CVE-2022-38493

Published August 20th, 2022

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.

babelouest/rhonabwy

[PROJECT CLOSED] - Javascript Object Signing and Encryption (JOSE) library - JWK, JWKS, JWS, JWE and JWT

GitHub