Related Vulnerabilities: CVE-2021-22939  


Severity Low

Remote Yes

Type Certificate verification bypass

Description

If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and the value "undefined" was explicitly passed for the "rejectUnauthorized" option (rather than the option being omitted, which yields the secure default of true), no error was returned and connections to servers with an expired certificate were accepted.

Group     Package             Affected    Fixed      Severity  Status
AVG-2285  nodejs-lts-erbium   12.22.4-2   -          High      Vulnerable
AVG-2284  nodejs-lts-fermium  14.17.4-1   -          High      Vulnerable
AVG-2283  nodejs              16.6.1-1    16.6.2-1   High      Fixed

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
https://hackerone.com/reports/1278254
https://github.com/nodejs-private/node-private/pull/276
https://github.com/nodejs/node/commit/6c7fff6f1d53dfb6c2b184ee41809b8d7614cb80
https://github.com/nodejs/node/commit/35b86110e45083a75d7dc8e6be5a930b262494f6
https://github.com/nodejs/node/commit/1780bbc3291357f7c3370892eb311fc7a62afe8d