CVE-2021-29443: 
JavaScript vulnerability analysis and mitigation

jose is an npm library providing cryptographic operations, where versions prior to 1.28.1, 2.0.5, and 3.11.4 contained a vulnerability in the AESCBCHMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption process. The vulnerability was discovered in April 2021 and assigned CVE-2021-29443 (GitHub Advisory).

The vulnerability stems from the implementation of AESCBCHMAC_SHA2 Algorithm decryption, which would execute both HMAC tag verification and CBC decryption operations regardless of their order. If either operation failed, a JWEDecryptionFailed error would be thrown. This implementation created an observable timing difference when padding errors occurred during ciphertext decryption. The vulnerability has a CVSS v3.1 base score of 5.9 (Medium) with a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (GitHub Advisory).

An adversary could potentially exploit this vulnerability to decrypt data without knowing the decryption key by utilizing the padding oracle. The attack would require approximately 128*b calls to the padding oracle, where b represents the number of bytes in the ciphertext block (GitHub Advisory).

All major release versions have received patches that ensure HMAC tag verification is performed before CBC decryption. Users should upgrade to the following fixed versions: v1.x users should upgrade to ^1.28.1, v2.x users to ^2.0.5, and v3.x users to ^3.11.4 (GitHub Advisory).