CVE-2024-21484: 
JavaScript vulnerability analysis and mitigation

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS#1.5 or RSAOAEP decryption process, identified as CVE-2024-21484. The vulnerability was discovered by Hubert Kario and disclosed on November 21, 2023. This vulnerability is part of the Marvin Attack, which is a timing-based attack against RSA implementations (Marvin Attack).

The vulnerability allows an attacker to decrypt ciphertexts by exploiting the Marvin security flaw, which is a timing side-channel vulnerability in the RSA decryption process. The issue affects both RSA PKCS#1.5 and RSAOAEP padding modes, where the bit size of the raw RSA decryption leaks timing information. For PKCS#1 v1.5 specifically, the size of the decrypted message also leaks, providing timing oracles useful in mounting a timing variant of the Bleichenbacher attack. The vulnerability has received a CVSS v3.1 base score of 5.9 (Medium) from NIST and 7.5 (High) from Snyk (NVD, Snyk Report).

The vulnerability can lead to the decryption of encrypted messages without possessing the private key. An attacker can exploit this vulnerability to decrypt ciphertexts when they have access to a large number of ciphertexts encrypted with the same key. This represents a significant breach of confidentiality for systems using the affected versions of jsrsasign (Snyk Report).

The vulnerability has been addressed in jsrsasign version 11.0.0, which removes RSA PKCS#1.5 and RSAOAEP encryption/decryption functionality to prevent the Marvin attack. For users unable to upgrade, the vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another cryptographic library (GitHub Release).