CVE-2021-22939

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22939
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22939.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22939
Aliases
Downstream
Related
Published
2021-08-16T19:15:13Z
Modified
2025-10-08T04:23:46.687796Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events

Affected versions

v12.*

v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.18.0
v12.18.1
v12.18.2
v12.18.3
v12.18.4
v12.19.0
v12.19.1
v12.2.0
v12.20.0
v12.20.1
v12.20.2
v12.21.0
v12.22.0
v12.22.1
v12.22.2
v12.22.3
v12.22.4
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1