CVE-2021-22939 log

Severity Low
Remote Yes
Type Certificate verification bypass
If the Node.js https API in versions before 16.6.2, 14.17.5 and 12.22.5 was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Group Package Affected Fixed Severity Status Ticket
AVG-2285 nodejs-lts-erbium 12.22.4-2 12.22.7-1 High Fixed FS#72412
AVG-2284 nodejs-lts-fermium 14.17.4-1 14.18.1-1 High Fixed FS#72413
AVG-2283 nodejs 16.6.1-1 16.6.2-1 High Fixed
Date Advisory Group Package Severity Type
21 Oct 2021 ASA-202110-6 AVG-2285 nodejs-lts-erbium High multiple issues
21 Oct 2021 ASA-202110-5 AVG-2284 nodejs-lts-fermium High multiple issues