CVE-2021-44532

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-44532

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44532.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-44532

Aliases

BIT-node-2021-44532

Related

Published

2022-02-24T19:15:09Z

Modified

2024-09-11T04:52:43.347323Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

References

Affected packages

Alpine:v3.12 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.10-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

12.20.1-r0

12.21.0-r0

12.22.1-r0

12.22.2-r0

12.22.4-r0

12.22.5-r0

12.22.6-r0

Alpine:v3.13 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.19.0-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.1-r0

14.16.1-r1

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.18.1-r0

Alpine:v3.14 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.19.0-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.18.1-r0

Alpine:v3.15 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.13.2-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

Alpine:v3.16 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.13.2-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

Alpine:v3.17 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.13.2-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

Alpine:v3.18 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.13.2-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

Alpine:v3.19 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.13.2-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

Alpine:v3.20 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.13.2-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

Debian:11 / nodejs

Package

Name: nodejs
Purl: pkg:deb/debian/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.12~dfsg-1~deb11u1

Affected versions

12.*

12.21.0~dfsg-5

12.22.4~dfsg-1

12.22.5~dfsg-1

12.22.5~dfsg-2~11u1

12.22.5~dfsg-2

12.22.5~dfsg-3

12.22.5~dfsg-4

12.22.5~dfsg-5

12.22.5~dfsg-6

12.22.5~dfsg-7

12.22.7~dfsg-1

12.22.7~dfsg-2

12.22.9~dfsg-1

12.22.10~dfsg-1

12.22.10~dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nodejs

Package

Name: nodejs
Purl: pkg:deb/debian/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nodejs

Package

Name: nodejs
Purl: pkg:deb/debian/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

f99ce7c1b88ff445f60e9e5575b674cb509e47f3

Fixed

e4f326669a3f98a8804dde23eee6d8403f0a99f1

Affected versions

v17.*

v17.0.0

v17.0.1

v17.1.0

v17.2.0

v17.3.0