CVE-2022-31183

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31183
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31183.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-31183
Aliases
Published
2022-08-01T20:15:08Z
Modified
2024-10-12T09:39:59.250209Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely independent. 2. TLSSockets in server-mode. Client-mode TLSSockets are implemented via a different API. 3. mTLS as enabled via requestCert = true in TLSParameters. The default setting is false for server-mode TLSSockets. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.

References

Affected packages

Git / github.com/typelevel/fs2

Affected ranges

Type
GIT
Repo
https://github.com/typelevel/fs2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

redesign-complex-interpreter

release/0.*

release/0.4
release/0.4.1
release/0.5
release/0.7
release/0.7a
release/0.8

v0.*

v0.10.0
v0.10.0-M1
v0.10.0-M10
v0.10.0-M11
v0.10.0-M2
v0.10.0-M3
v0.10.0-M4
v0.10.0-M5
v0.10.0-M6
v0.10.0-M7
v0.10.0-M8
v0.10.0-M9
v0.10.0-RC1
v0.10.0-RC2
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.9.0
v0.9.0-M1
v0.9.0-M2
v0.9.0-M3
v0.9.0-M4
v0.9.0-M5
v0.9.0-M6
v0.9.0-RC1
v0.9.0-RC2
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.5-RC1

v1.*

v1.0.0
v1.0.0-M1
v1.0.0-M2
v1.0.0-M3
v1.0.0-M4
v1.0.0-M5
v1.0.0-RC1
v1.0.0-RC2
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0-M1
v1.1.0-M2

v2.*

v2.0.0
v2.0.1
v2.1.0
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.5.0-M1
v2.5.0-M2
v2.5.0-M3
v2.5.0-RC1
v2.5.1
v2.5.2

v3.*

v3.0.0
v3.0.0-M1
v3.0.0-M2
v3.0.0-M3
v3.0.0-M4
v3.0.0-M5
v3.0.0-M6
v3.0.0-M7
v3.0.0-M8
v3.0.0-M9
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.2.0
v3.2.1
v3.2.10
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9