CVE-2021-44531

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-44531
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44531.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-44531
Aliases
Downstream
Related
Published
2022-02-24T19:15:09.313Z
Modified
2026-04-11T12:38:17.427134Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.58"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.59"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git
github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ab8db8415e996bd955acef60c0b2225761210c9a
Last affected
5d777aadefa45491c9fd582d09ef4dc7dfdf1bfa
Last affected
bd6570ec5fc8253ab93b6760c36a3883cc3bdbb2
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.3.5"
        },
        {
            "last_affected": "21.3.1"
        },
        {
            "last_affected": "22.0.0.2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*"
    ]
}

Affected versions

vm-19.*
vm-19.3.0
vm-19.3.0.2
vm-19.3.1
vm-20.*
vm-20.0.0
vm-20.3.5
vm-21.*
vm-21.3.1
vm-22.*
vm-22.0.0.2
vm-ce-21.*
vm-ce-21.2.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44531.json"
github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6846e6b2f72931991cc9fd589dc9946ea2ab58c9
Last affected
8d8c986e5716e38cb776b627a8eee9e92241b4ce
Last affected
0cd98bdf981583a1cf4cb526581fc16e23bb839b
Introduced
270fd3411e3d671a73ed9725940a30080f59ce6d
Last affected
6846e6b2f72931991cc9fd589dc9946ea2ab58c9
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.28"
        },
        {
            "last_affected": "8.0.29"
        },
        {
            "last_affected": "5.7.37"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.28"
        }
    ],
    "cpe": [
        "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*"
    ]
}

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.7.31
mysql-5.7.32
mysql-5.7.35
mysql-5.7.36
mysql-5.7.37
mysql-8.*
mysql-8.0.28
mysql-8.0.29
mysql-cluster-8.*
mysql-cluster-8.0.28
mysql-cluster-8.0.29

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44531.json"
github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4e44cbfba6bbb87aa15564ea6856a556804f71c0
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Fixed
92df3d654b366aa115fb672756cb051d480d8acc
Introduced
7162e686b18d22b4385fa5c04274fb04dbd810c7
Fixed
acb71eab779fb56bf70e8a9e0cb2e82a089a87de
Introduced
f99ce7c1b88ff445f60e9e5575b674cb509e47f3
Fixed
e4f326669a3f98a8804dde23eee6d8403f0a99f1
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.22.9"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.18.3"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.13.2"
        },
        {
            "introduced": "17.0.0"
        },
        {
            "fixed": "17.3.1"
        }
    ],
    "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.18.0
v12.18.1
v12.18.2
v12.18.3
v12.18.4
v12.19.0
v12.19.1
v12.2.0
v12.20.0
v12.20.1
v12.20.2
v12.21.0
v12.22.0
v12.22.1
v12.22.2
v12.22.3
v12.22.4
v12.22.5
v12.22.6
v12.22.7
v12.22.8
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.15.1
v14.15.2
v14.15.3
v14.15.4
v14.15.5
v14.16.0
v14.16.1
v14.17.0
v14.17.1
v14.17.2
v14.17.3
v14.17.4
v14.17.5
v14.17.6
v14.18.0
v14.18.1
v14.18.2
v14.2.0
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v16.*
v16.0.0
v16.1.0
v16.10.0
v16.11.0
v16.11.1
v16.12.0
v16.13.0
v16.13.1
v16.2.0
v16.3.0
v16.4.0
v16.4.1
v16.4.2
v16.5.0
v16.6.0
v16.6.1
v16.6.2
v16.7.0
v16.8.0
v16.9.0
v16.9.1
v17.*
v17.0.0
v17.0.1
v17.1.0
v17.2.0
v17.3.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44531.json"