Количество 18
Количество 18
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ...
GHSA-jg6g-8j59-vr29
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
BDU:2022-00759
Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки
openSUSE-SU-2022:0113-1
Security update for nodejs12
openSUSE-SU-2022:0112-1
Security update for nodejs14
SUSE-SU-2022:0114-1
Security update for nodejs14
SUSE-SU-2022:0113-1
Security update for nodejs12
SUSE-SU-2022:0112-1
Security update for nodejs14
RLSA-2022:7830
Moderate: nodejs:14 security update
ELSA-2022-7830
ELSA-2022-7830: nodejs:14 security update (MODERATE)
RLSA-2022:9073
Moderate: nodejs:16 security, bug fix, and enhancement update
ELSA-2022-9073-1
ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE)
ROS-20220125-10
Уязвимость программной платформы Node.js
SUSE-SU-2022:0101-1
Security update for nodejs12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
 | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад | |
| CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ... | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-jg6g-8j59-vr29 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
 | BDU:2022-00759 Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки | CVSS3: 7.4 | больше 3 лет назад | |
 | openSUSE-SU-2022:0113-1 Security update for nodejs12 | больше 3 лет назад | ||
| openSUSE-SU-2022:0112-1 Security update for nodejs14 | больше 3 лет назад | ||
| SUSE-SU-2022:0114-1 Security update for nodejs14 | больше 3 лет назад | ||
| SUSE-SU-2022:0113-1 Security update for nodejs12 | больше 3 лет назад | ||
| SUSE-SU-2022:0112-1 Security update for nodejs14 | больше 3 лет назад | ||
 | RLSA-2022:7830 Moderate: nodejs:14 security update | больше 2 лет назад | ||
| ELSA-2022-7830 ELSA-2022-7830: nodejs:14 security update (MODERATE) | больше 2 лет назад | ||
| RLSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2022-9073-1 ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE) | больше 2 лет назад | ||
 | ROS-20220125-10 Уязвимость программной платформы Node.js | больше 3 лет назад | ||
| SUSE-SU-2022:0101-1 Security update for nodejs12 | больше 3 лет назад |
Уязвимостей на страницу