CVE-2021-22939

Summary

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Affected Software

VendorProductVersion RangeStatus
NodeJSNode4.0 < 4.*affected
NodeJSNode5.0 < 5.*affected
NodeJSNode6.0 < 6.*affected
NodeJSNode7.0 < 7.*affected
NodeJSNode8.0 < 8.*affected
NodeJSNode9.0 < 9.*affected
NodeJSNode10.0 < 10.*affected
NodeJSNode11.0 < 11.*affected
NodeJSNode12.0 < 12.22.5affected
NodeJSNode13.0 < 13.*affected
NodeJSNode14.0 < 14.17.5affected
NodeJSNode15.0 < 15.*affected
NodeJSNode16.0 < 16.6.2affected

Weaknesses

  • CWE-295: Improper Certificate Validation (CWE-295)

ADP Enrichment

CVE Program Container

Additional References

References