slowli · slowli · Dec 10, 2023 · Dec 8, 2023 · Dec 10, 2023
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/README.md b/README.md
@@ -78,6 +78,9 @@ See the crate docs for more examples of usage.
   for elliptic curves used in standard `ES*` algorithms).
 - The `ES256` algorithm is supported via pure Rust [`p256`] crate.
 - RSA algorithms (`RS*` and `PS*`) are supported via pure Rust [`rsa`] crate.
+  Beware that the `rsa` crate (along with other RSA implementations) may be susceptible to
+  [the "Marvin" timing side-channel attack](https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr)
+  at the time of writing; use with caution.
 - The crate supports the `no_std` mode. [No-std support](e2e-tests/no-std) 
   and [WASM compatibility](e2e-tests/wasm) are explicitly tested.
 

diff --git a/deny.toml b/deny.toml
@@ -13,6 +13,11 @@ unsound = "deny"
 yanked = "deny"
 notice = "warn"
 severity-threshold = "Medium"
+ignore = [
+  # "Marvin" attack for the `rsa` crate; no fix is available ATM.
+  # A warning is added to crate readme and crate docs as a stopgap measure.
+  "RUSTSEC-2023-0071",
+]
 
 [licenses]
 unlicensed = "deny"

diff --git a/e2e-tests/no-std/Cargo.toml b/e2e-tests/no-std/Cargo.toml
@@ -23,7 +23,7 @@ panic-halt = "0.2.0"
 
 # RSA-specific dependencies. Everything besides `rsa` is needed to set up an RNG.
 getrandom = { version = "0.2", features = ["custom"], optional = true }
-once_cell = { version = "1.16.0", default-features = false, optional = true }
+once_cell = { version = "1.19.0", default-features = false, optional = true }
 rand_chacha = { version = "0.3.1", default-features = false, optional = true }
 rsa = { version = "0.9", default-features = false, optional = true }
 

diff --git a/e2e-tests/wasm/Cargo.toml b/e2e-tests/wasm/Cargo.toml
@@ -15,7 +15,7 @@ wasm-opt = ["-Os", "--enable-mutable-globals"]
 crate-type = ["cdylib", "rlib"]
 
 [dependencies]
-wasm-bindgen = "0.2.88"
+wasm-bindgen = "0.2.89"
 
 chrono = { version = "0.4.22", features = ["wasmbind"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }

diff --git a/src/lib.rs b/src/lib.rs
@@ -35,6 +35,10 @@
 //! | `ES256`  | [`p256`] | Pure Rust implementation |
 //! | `RS*`, `PS*` (RSA) | `rsa` | Uses pure Rust [`rsa`] crate with blinding |
 //!
+//! Beware that the `rsa` crate (along with other RSA implementations) may be susceptible to
+//! [the "Marvin" timing side-channel attack](https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr)
+//! at the time of writing; use with caution.
+//!
 //! `EdDSA` and `ES256K` algorithms are somewhat less frequently supported by JWT implementations
 //! than others since they are recent additions to the JSON Web Algorithms (JWA) suit.
 //! They both work with elliptic curves