CVE-2021-22939
MEDIUM 5.3 | EPSS 0.12% | Published: 2021/8/16 | Modified: 2026/4/28
Description
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Affected packages (4)
- Alpine/nodejs: from 0, < 12.22.5-r0
- Bitnami/node: >= 12.0.0, < 12.22.5; >= 14.0.0, < 14.17.5; >= 16.0.0, < 16.6.2
- Bitnami/node-min: >= 12.0.0, < 12.22.5; >= 14.0.0, < 14.17.5; >= 16.0.0, < 16.6.2
- Debian/nodejs: from 0, < 12.22.5~dfsg-2~11u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Reference links (12)
- ADVISORY: https://security.alpinelinux.org/vuln/CVE-2021-22939
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2021-22939
- WEB: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- WEB: https://hackerone.com/reports/1278254
- WEB: https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
- WEB: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2021-22939
- WEB: https://security.gentoo.org/glsa/202401-02
- WEB: https://security.netapp.com/advisory/ntap-20210917-0003/
- WEB: https://www.oracle.com/security-alerts/cpujan2022.html
- WEB: https://www.oracle.com/security-alerts/cpujul2022.html
- WEB: https://www.oracle.com/security-alerts/cpuoct2021.html