If the Node.js https API was used incorrectly and “undefined” was in passed for the “rejectUnauthorized” parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

hackerone.com/reports/1278254

lists.debian.org/debian-lts-announce/2022/10/msg00006.html

nodejs.org/en/blog/vulnerability/aug-2021-security-releases/

security.gentoo.org/glsa/202401-02

security.netapp.com/advisory/ntap-20210917-0003/

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

ibm 19

osv 8

ubuntucve 1

cvelist 1

nvd 1

alpinelinux 1

debiancve 1

cbl_mariner 2

hackerone 1

veracode 1

redhatcve 1

prion 1

cve 1

nessus 31

openvas 17

nodejsblog 1

freebsd 1

photon 2

altlinux 1

suse 6

archlinux 2

debian 1

gentoo 2

rocky 2

redhat 6

almalinux 2

oraclelinux 2

mageia 1

ics 1

oracle 3

ibm

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services

2021-11-09 17:59:09

Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939)

2022-04-19 20:12:12

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to trusting expired certificates due to CVE-2021-22939

2021-10-20 10:07:56

osv

BIT-node-2021-22939

2024-03-06 11:06:17

nodejs - security update

2022-10-05 00:00:00

nodejs16-16.6.2-2.2 on GA media

2024-06-15 00:00:00

ubuntucve

CVE-2021-22939

2021-08-16 00:00:00

cvelist

CVE-2021-22939

2021-08-16 00:00:00

nvd

CVE-2021-22939

2021-08-16 19:15:13

alpinelinux

CVE-2021-22939

2021-08-16 19:15:13

debiancve

CVE-2021-22939

2021-08-16 19:15:13

cbl_mariner

CVE-2021-22939 affecting package nodejs 14.17.2-1

2021-09-09 15:03:07

CVE-2021-22939 affecting package nodejs for versions less than 16.14.0-1

2022-04-09 06:52:23

hackerone

Node.js: Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation

2021-07-26 16:29:32

veracode

Remote Code Execution (RCE)

2021-08-12 23:13:36

redhatcve

CVE-2021-22939

2021-08-12 10:51:08

prion

Code injection

2021-08-16 19:15:00

cve

CVE-2021-22939

2021-08-16 19:15:13

nessus

Node.js Multiple Vulnerabilities (August 2021 Security Releases)

2021-10-19 00:00:00

Photon OS 4.0: Nodejs PHSA-2021-4.0-0090

2024-07-23 00:00:00

SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:2823-1)

2021-08-25 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:2823-1)

2021-08-25 00:00:00

Node.js 12.x, 14.x, 16.x Multiple Vulnerabilities (Aug 2021) - Mac OS X

2021-08-19 00:00:00

Node.js 12.x, 14.x, 16.x Multiple Vulnerabilities (Aug 2021) - Windows

2021-08-19 00:00:00

nodejsblog

August 2021 Security Releases

2021-08-11 00:00:00

freebsd

Node.js -- August 2021 Security Releases

2021-08-11 00:00:00

photon

Critical Photon OS Security Update - PHSA-2021-0090

2021-08-27 00:00:00

Critical Photon OS Security Update - PHSA-2021-4.0-0090

2021-08-27 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 14.17.5-alt1

2021-08-17 00:00:00

suse

Security update for nodejs10 (moderate)

2021-09-03 00:00:00

Security update for nodejs10 (moderate)

2021-09-07 00:00:00

Security update for nodejs12 (important)

2021-08-30 00:00:00

archlinux

[ASA-202110-6] nodejs-lts-erbium: multiple issues

2021-10-21 00:00:00

[ASA-202110-5] nodejs-lts-fermium: multiple issues

2021-10-21 00:00:00

debian

[SECURITY] [DLA 3137-1] nodejs security update

2022-10-05 15:18:22

gentoo

c-ares: Multiple Vulnerabilities

2024-01-05 00:00:00

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

rocky

nodejs:14 security and bug fix update

2021-09-27 06:47:35

nodejs:12 security and bug fix update

2021-09-21 12:33:58

redhat

(RHSA-2021:3623) Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

(RHSA-2021:3666) Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

(RHSA-2021:3281) Important: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update

2021-08-26 09:51:49

almalinux

Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

oraclelinux

nodejs:12 security and bug fix update

2021-09-22 00:00:00

nodejs:14 security and bug fix update

2021-09-27 00:00:00

mageia

Updated nodejs packages fix security vulnerability

2021-10-06 22:41:56

ics

Siemens SINEC INS

2022-03-10 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.011

Percentile

84.5%

JSON

Related for OSV:CVE-2021-22939