Updated: 2025-08-20 03:13:15.896928
Description:
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.9 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Debian 10 | nodejs | 16 | 5.9 | MEDIUM | Released | CLSA-2025:1765361525 | 2025-12-10 10:14:13 | |
| Debian 10 | nodejs | 20 | 5.9 | MEDIUM | Not Vulnerable | 2025-12-05 12:51:17 | ||
| Debian 10 | nodejs | 18 | 5.9 | MEDIUM | Not Vulnerable | 2025-12-05 12:51:17 | ||
| Debian 10 | nodejs | 14 | 5.9 | MEDIUM | Released | CLSA-2025:1764865917 | 2025-12-05 00:07:00 | |
| Debian 10 | nodejs | 12 | 5.9 | MEDIUM | Released | CLSA-2025:1765975221 | 2025-12-17 15:05:04 | |
| Debian 11 | nodejs | 18 | 5.9 | MEDIUM | Not Vulnerable | 2025-12-05 12:51:16 | ||
| Debian 11 | nodejs | 16 | 5.9 | MEDIUM | Released | CLSA-2025:1765361886 | 2025-12-10 11:57:49 | |
| Debian 11 | nodejs | 20 | 5.9 | MEDIUM | Not Vulnerable | 2025-12-05 12:51:16 | ||
| Debian 11 | nodejs | 12 | 5.9 | MEDIUM | Released | CLSA-2025:1765977098 | 2025-12-17 15:05:02 | |
| Debian 11 | nodejs | 14 | 5.9 | MEDIUM | Released | CLSA-2025:1764866060 | 2025-12-05 00:06:59 |