{"id":"CVE-2023-46809","details":"Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.","aliases":["BIT-node-2023-46809","BIT-node-min-2023-46809"],"modified":"2026-02-10T18:28:47.887137Z","published":"2024-09-07T16:15:02Z","related":["ALSA-2024:1503","ALSA-2024:1510","ALSA-2024:1687","ALSA-2024:1688","MGASA-2024-0046","SUSE-SU-2024:0643-1","SUSE-SU-2024:0644-1","SUSE-SU-2024:0728-1","SUSE-SU-2024:0729-1","SUSE-SU-2024:0730-1","SUSE-SU-2024:0731-1","SUSE-SU-2024:0732-1","SUSE-SU-2024:0733-1","openSUSE-SU-2024:13697-1","openSUSE-SU-2024:13698-1"],"references":[{"type":"ARTICLE","url":"https://nodejs.org/en/blog/vulnerability/february-2024-security-releases"}],"schema_version":"1.7.3"}