Количество 18
Количество 18
GHSA-jg6g-8j59-vr29
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ...
BDU:2022-00759
Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки
openSUSE-SU-2022:0113-1
Security update for nodejs12
openSUSE-SU-2022:0112-1
Security update for nodejs14
SUSE-SU-2022:0114-1
Security update for nodejs14
SUSE-SU-2022:0113-1
Security update for nodejs12
SUSE-SU-2022:0112-1
Security update for nodejs14
RLSA-2022:7830
Moderate: nodejs:14 security update
ELSA-2022-7830
ELSA-2022-7830: nodejs:14 security update (MODERATE)
RLSA-2022:9073
Moderate: nodejs:16 security, bug fix, and enhancement update
ELSA-2022-9073-1
ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE)
ROS-20220125-10
Уязвимость программной платформы Node.js
SUSE-SU-2022:0101-1
Security update for nodejs12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-jg6g-8j59-vr29 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | почти 4 года назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
 | CVSS3: 5.3 | 0% Низкий | почти 4 года назад | |
| CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ... | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
 | BDU:2022-00759 Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки | CVSS3: 7.4 | почти 4 года назад | |
 | openSUSE-SU-2022:0113-1 Security update for nodejs12 | почти 4 года назад | ||
| openSUSE-SU-2022:0112-1 Security update for nodejs14 | почти 4 года назад | ||
| SUSE-SU-2022:0114-1 Security update for nodejs14 | почти 4 года назад | ||
| SUSE-SU-2022:0113-1 Security update for nodejs12 | почти 4 года назад | ||
| SUSE-SU-2022:0112-1 Security update for nodejs14 | почти 4 года назад | ||
 | RLSA-2022:7830 Moderate: nodejs:14 security update | около 3 лет назад | ||
| ELSA-2022-7830 ELSA-2022-7830: nodejs:14 security update (MODERATE) | около 3 лет назад | ||
| RLSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update | почти 3 года назад | ||
| ELSA-2022-9073-1 ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE) | почти 3 года назад | ||
 | ROS-20220125-10 Уязвимость программной платформы Node.js | почти 4 года назад | ||
| SUSE-SU-2022:0101-1 Security update for nodejs12 | почти 4 года назад |
Уязвимостей на страницу