CVE-2021-44532
- Source
- https://cve.org/CVERecord?id=CVE-2021-44532
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44532.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-44532
- Aliases
- Downstream
- Related
- Published
- 2022-02-24T19:15:09.360Z
- Modified
- 2026-06-18T03:57:24.615606108Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.0.29" } ], "vendor_product": "oracle:mysql_cluster" }, { "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.0.28" } ], "vendor_product": "oracle:mysql_connectors" }, { "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.0.29" } ], "vendor_product": "oracle:mysql_enterprise_monitor" }, { "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "8.0.0" }, { "last_affected": "8.0.28" } ], "vendor_product": "oracle:mysql_workbench" }, { "source": "CPE_STRING", "cpes": [ "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "11.0" } ], "vendor_product": "debian:debian_linux" }, { "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.58" }, { "last_affected": "8.59" } ], "vendor_product": "oracle:peoplesoft_enterprise_peopletools" } ] }- References
-
- https://hackerone.com/reports/1429694
- https://security.netapp.com/advisory/ntap-20220325-0007/
- https://www.debian.org/security/2022/dsa-5170
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
Affected packages
Git
github.com/graalvm/graalvm-ce-builds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/graalvm/graalvm-ce-builds
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_STRING", "extracted_events": [ { "introduced": "0" }, { "last_affected": "20.3.5" }, { "last_affected": "21.3.1" }, { "last_affected": "22.0.0.2" } ], "cpe": [ "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*" ] }
github.com/mysql/mysql-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affected
- Database specific
{ "source": "CPE_RANGE", "extracted_events": [ { "introduced": "0" }, { "last_affected": "5.7.37" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.28" } ], "cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*" }
Affected versions
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.7.31
mysql-5.7.32
mysql-5.7.35
mysql-5.7.36
mysql-5.7.37
mysql-8.*
mysql-8.0.28
mysql-cluster-8.*
mysql-cluster-8.0.28
github.com/nodejs/node
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "source": "CPE_RANGE", "extracted_events": [ { "introduced": "0" }, { "fixed": "12.22.9" }, { "introduced": "14.0.0" }, { "fixed": "14.18.3" }, { "introduced": "16.0.0" }, { "fixed": "16.13.2" }, { "introduced": "17.0.0" }, { "fixed": "17.3.1" } ], "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*" }
Affected versions
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.18.0
v12.18.1
v12.18.2
v12.18.3
v12.18.4
v12.19.0
v12.19.1
v12.2.0
v12.20.0
v12.20.1
v12.20.2
v12.21.0
v12.22.0
v12.22.1
v12.22.2
v12.22.3
v12.22.4
v12.22.5
v12.22.6
v12.22.7
v12.22.8
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.15.1
v14.15.2
v14.15.3
v14.15.4
v14.15.5
v14.16.0
v14.16.1
v14.17.0
v14.17.1
v14.17.2
v14.17.3
v14.17.4
v14.17.5
v14.17.6
v14.18.0
v14.18.1
v14.18.2
v14.2.0
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v16.*
v16.0.0
v16.1.0
v16.10.0
v16.11.0
v16.11.1
v16.12.0
v16.13.0
v16.13.1
v16.2.0
v16.3.0
v16.4.0
v16.4.1
v16.4.2
v16.5.0
v16.6.0
v16.6.1
v16.6.2
v16.7.0
v16.8.0
v16.9.0
v16.9.1
v17.*
v17.0.0
v17.0.1
v17.1.0
v17.2.0
v17.3.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0