{"id":"BIT-node-2023-46809","details":"Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.","aliases":["BIT-node-min-2023-46809","CVE-2023-46809"],"modified":"2025-11-06T13:25:46.476Z","published":"2024-09-11T07:20:44.318Z","database_specific":{"severity":"High","cpes":["cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46809"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"}],"affected":[{"package":{"name":"node","ecosystem":"Bitnami","purl":"pkg:bitnami/node"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"18.19.1"},{"introduced":"19.0.0"},{"fixed":"20.11.1"},{"introduced":"21.0.0"},{"fixed":"21.6.1"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2023-46809.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}],"schema_version":"1.7.3"}