Vulnerability details: VCID-uyxf-wya2-wqfy
Vulnerability ID VCID-uyxf-wya2-wqfy
Aliases CVE-2024-21484
GHSA-rh63-9qcf-83gf
GMS-2024-46
Summary Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.
Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21484.json
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-21484
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rh63-9qcf-83gf
cvssv3.1 7.5 https://github.com/kjur/jsrsasign
generic_textual HIGH https://github.com/kjur/jsrsasign
cvssv3.1 7.5 https://github.com/kjur/jsrsasign/issues/598
generic_textual HIGH https://github.com/kjur/jsrsasign/issues/598
ssvc Track https://github.com/kjur/jsrsasign/issues/598
cvssv3.1 7.5 https://github.com/kjur/jsrsasign/releases/tag/11.0.0
generic_textual HIGH https://github.com/kjur/jsrsasign/releases/tag/11.0.0
ssvc Track https://github.com/kjur/jsrsasign/releases/tag/11.0.0
cvssv3.1 7.5 https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
cvssv3.1_qr HIGH https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
generic_textual HIGH https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-21484
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-21484
cvssv3.1 7.5 https://people.redhat.com/~hkario/marvin
generic_textual HIGH https://people.redhat.com/~hkario/marvin
cvssv3.1 7.5 https://people.redhat.com/~hkario/marvin/
ssvc Track https://people.redhat.com/~hkario/marvin/
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
ssvc Track https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
ssvc Track https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
ssvc Track https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
ssvc Track https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21484.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://github.com/kjur/jsrsasign
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://github.com/kjur/jsrsasign/issues/598
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://github.com/kjur/jsrsasign/issues/598
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://github.com/kjur/jsrsasign/issues/598
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://github.com/kjur/jsrsasign/releases/tag/11.0.0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://github.com/kjur/jsrsasign/releases/tag/11.0.0
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://github.com/kjur/jsrsasign/releases/tag/11.0.0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21484
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://people.redhat.com/~hkario/marvin
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://people.redhat.com/~hkario/marvin/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://people.redhat.com/~hkario/marvin/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P Found at https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L Found at https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-23T16:15:40Z/ Found at https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
Exploit Prediction Scoring System (EPSS)
Percentile 0.47309
EPSS Score 0.0024
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:38:42.660380+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/21xxx/CVE-2024-21484.json 38.6.0