CVE-2021-22939
N/A
N/A
Summary
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NodeJS | Node | 4.0 < 4.* | affected |
| NodeJS | Node | 5.0 < 5.* | affected |
| NodeJS | Node | 6.0 < 6.* | affected |
| NodeJS | Node | 7.0 < 7.* | affected |
| NodeJS | Node | 8.0 < 8.* | affected |
| NodeJS | Node | 9.0 < 9.* | affected |
| NodeJS | Node | 10.0 < 10.* | affected |
| NodeJS | Node | 11.0 < 11.* | affected |
| NodeJS | Node | 12.0 < 12.22.5 | affected |
| NodeJS | Node | 13.0 < 13.* | affected |
| NodeJS | Node | 14.0 < 14.17.5 | affected |
| NodeJS | Node | 15.0 < 15.* | affected |
| NodeJS | Node | 16.0 < 16.6.2 | affected |
Weaknesses
- CWE-295: Improper Certificate Validation (CWE-295)
ADP Enrichment
CVE Program Container
Additional References
- https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
- https://hackerone.com/reports/1278254
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://security.netapp.com/advisory/ntap-20210917-0003/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
- https://security.gentoo.org/glsa/202401-02
References
- https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
- https://hackerone.com/reports/1278254
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://security.netapp.com/advisory/ntap-20210917-0003/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
- https://security.gentoo.org/glsa/202401-02
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.