CVE-2021-22939 log
Source |
|
Severity | Low |
Remote | Yes |
Type | Certificate verification bypass |
Description | If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2285 | nodejs-lts-erbium | 12.22.4-2 | 12.22.7-1 | High | Fixed | FS#72412 |
AVG-2284 | nodejs-lts-fermium | 14.17.4-1 | 14.18.1-1 | High | Fixed | FS#72413 |
AVG-2283 | nodejs | 16.6.1-1 | 16.6.2-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
21 Oct 2021 | ASA-202110-6 | AVG-2285 | nodejs-lts-erbium | High | multiple issues |
21 Oct 2021 | ASA-202110-5 | AVG-2284 | nodejs-lts-fermium | High | multiple issues |