CVE-2021-44531

Published: 24/02/2022 Updated: 05/10/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host. (CVE-2021-44531)

It was found that node.js did not safely read the x509 certificate generalName format, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting a malicious user to impersonate a trusted host. (CVE-2021-44532)

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data into node.js libraries. (CVE-2021-44533)

Prototype pollution via console.table properties. (CVE-2022-21824)

Vulnerable Products

nodejs node.js

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle mysql enterprise monitor

oracle mysql connectors

oracle mysql workbench

oracle mysql server

oracle graalvm 20.3.5

oracle graalvm 21.3.1

oracle graalvm 22.0.0.2

oracle mysql cluster

Vendor Advisories

Debian Bug report logs - #1004177 nodejs: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 22 Jan 2022 09:45:02 UTC ...
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, a bypass of certificate verification or prototype pollution. For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u1. We recommend that you upgrade your nodejs packages. For the detailed security statu ...
Synopsis Moderate: rh-nodejs14-nodejs security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated th ...
Synopsis Moderate: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Secu ...
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update ...
Synopsis Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat ...
Synopsis Moderate: rh-nodejs12-nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Pro ...
Synopsis Moderate: nodejs:14 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
ALAS-2022-214 Amazon Linux 2022 Security Advisory: ALAS-2022-214 Advisory Release Date: 2022-12-06 16:41 Pacific ...