CVE-2021-22939 Vulnerability Details

  /     /     /  

CVE-2021-22939 Metadata Quick Info

CVE Published: 16/08/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: hackerone | Vendor: n/a | Product: https://github.com/nodejs/node
Status : PUBLISHED

CVE-2021-22939 Description

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-295
CWE Name: Improper Certificate Validation (CWE-295)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: