← Back

CVE-2021-22939

nvd nist
Published: Aug 16, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Affected (13)

Show all products
Nodejs: Node.js · Oracle: Graalvm, Jd Edwards Enterpriseone Tools, Mysql Cluster, Peoplesoft Enterprise Peopletools · Netapp: Nextgen Api · Siemens: Sinec Infrastructure Network Services · Debian: Debian Linux
Nodejs
1 product
Node.js
Oracle
4 products
Graalvm
Jd Edwards Enterpriseone Tools
Mysql Cluster
Peoplesoft Enterprise Peopletools
Netapp
1 product
Nextgen Api
Siemens
1 product
Sinec Infrastructure Network Services
Debian
1 product
Debian Linux
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Nodejs
Node.js
From 16.0.0 to 16.6.2
Node.js
From 12.0.0 to 12.22.5
Node.js
From 14.0.0 to 14.17.5
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Graalvm
Version 20.3.3
Graalvm
Version 21.2.0
Jd Edwards Enterpriseone Tools
Up to 9.2.6.1
Mysql Cluster
Up to 8.0.26
Oracle
Peoplesoft Enterprise Peopletools
Version 8.57
Peoplesoft Enterprise Peopletools
Version 8.58
Peoplesoft Enterprise Peopletools
Version 8.59
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Nextgen Api
All versions
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Sinec Infrastructure Network Services
Before 1.0.1.1
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (18)

Source: support@hackerone.com
PatchThird Party Advisory
Source: support@hackerone.com
ExploitIssue TrackingThird Party Advisory
Source: support@hackerone.com
Issue TrackingThird Party Advisory
Source: support@hackerone.com
PatchVendor Advisory
Source: support@hackerone.com
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
PatchThird Party Advisory
Source: support@hackerone.com
PatchThird Party Advisory
Source: support@hackerone.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.