CVE-2021-22939 Vulnerability Details
/
/
/
CVE-2021-22939 Metadata Quick Info
CVE Published: 16/08/2021 |
CVE Updated: 03/08/2024 |
CVE Year: 2021
Source: hackerone |
Vendor: n/a |
Product: https://github.com/nodejs/node
Status : PUBLISHED
CVE-2021-22939 Description
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID: CWE-295
CWE Name: Improper Certificate Validation (CWE-295)
Source: n/a
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description: