CVE-2021-22939 vulnerability in nodejs and Other Products

CVE-2021-22939 vulnerability in nodejs and Other Products
Published on August 16, 2021

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Weakness Type

Improper Certificate Validation

The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

Products Associated with CVE-2021-22939

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22939 are published in these products:

Affected Versions

Version 4.0 and below 4.* is affected.

Version 5.0 and below 5.* is affected.

Version 6.0 and below 6.* is affected.

Version 7.0 and below 7.* is affected.

Version 8.0 and below 8.* is affected.

Version 9.0 and below 9.* is affected.

Version 10.0 and below 10.* is affected.

Version 11.0 and below 11.* is affected.

Version 12.0 and below 12.22.5 is affected.

Version 13.0 and below 13.* is affected.

Version 14.0 and below 14.17.5 is affected.

Version 15.0 and below 15.* is affected.

Version 16.0 and below 16.6.2 is affected.

Exploit Probability

EPSS

0.13%

Percentile

33.07%