High severity7.5NVD Advisory· Published Aug 20, 2022· Updated Jun 17, 2026
CVE-2022-38493
CVE-2022-38493
Description
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Rhonabwy/Rhonabwydescription
- Range: <1.1.7
Patches
Vulnerability mechanics
References
1- github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.