Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mv6y-qymd-ryat
Vulnerability ID VCID-mv6y-qymd-ryat
Aliases CVE-2021-29444
GHSA-94hh-pjjg-rwmr
Summary Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime ### Impact [AES_CBC_HMAC_SHA2 Algorithm](https://tools.ietf.org/html/rfc7518#section-5.2) (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). ### Patches A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. ### Credits Thanks to Morgan Brown of Microsoft for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-203 Observable Discrepancy
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
epss 0.00394 https://api.first.org/data/v1/epss?cve=CVE-2021-29444
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-94hh-pjjg-rwmr
cvssv3.1 5.9 https://github.com/panva/jose
generic_textual MODERATE https://github.com/panva/jose
cvssv3.1 5.9 https://github.com/panva/jose/security/advisories/GHSA-94hh-pjjg-rwmr
cvssv3.1_qr MODERATE https://github.com/panva/jose/security/advisories/GHSA-94hh-pjjg-rwmr
generic_textual MODERATE https://github.com/panva/jose/security/advisories/GHSA-94hh-pjjg-rwmr
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-29444
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-29444
cvssv3.1 5.9 https://www.npmjs.com/package/jose-browser-runtime
generic_textual MODERATE https://www.npmjs.com/package/jose-browser-runtime
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-29444
https://github.com/panva/jose
https://github.com/panva/jose/security/advisories/GHSA-94hh-pjjg-rwmr
https://nvd.nist.gov/vuln/detail/CVE-2021-29444
https://www.npmjs.com/package/jose-browser-runtime
GHSA-94hh-pjjg-rwmr https://github.com/advisories/GHSA-94hh-pjjg-rwmr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/panva/jose
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/panva/jose/security/advisories/GHSA-94hh-pjjg-rwmr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29444
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.npmjs.com/package/jose-browser-runtime
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.60183
EPSS Score 0.00394
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:00:49.679108+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-94hh-pjjg-rwmr/GHSA-94hh-pjjg-rwmr.json 38.0.0