Количество 18
Количество 18
CVE-2021-44531
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44531
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44531
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44531
CVE-2021-44531
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ...
GHSA-5qpf-4xwh-5775
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
BDU:2022-00758
Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки
openSUSE-SU-2022:0113-1
Security update for nodejs12
openSUSE-SU-2022:0112-1
Security update for nodejs14
SUSE-SU-2022:0114-1
Security update for nodejs14
SUSE-SU-2022:0113-1
Security update for nodejs12
SUSE-SU-2022:0112-1
Security update for nodejs14
RLSA-2022:7830
Moderate: nodejs:14 security update
ELSA-2022-7830
ELSA-2022-7830: nodejs:14 security update (MODERATE)
RLSA-2022:9073
Moderate: nodejs:16 security, bug fix, and enhancement update
ELSA-2022-9073-1
ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE)
ROS-20220125-10
Уязвимость программной платформы Node.js
SUSE-SU-2022:0101-1
Security update for nodejs12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-44531 Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44531 Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
 | CVE-2021-44531 Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
 | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад | |
| CVE-2021-44531 Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ... | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
| GHSA-5qpf-4xwh-5775 Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
 | BDU:2022-00758 Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
 | openSUSE-SU-2022:0113-1 Security update for nodejs12 | больше 3 лет назад | ||
| openSUSE-SU-2022:0112-1 Security update for nodejs14 | больше 3 лет назад | ||
| SUSE-SU-2022:0114-1 Security update for nodejs14 | больше 3 лет назад | ||
| SUSE-SU-2022:0113-1 Security update for nodejs12 | больше 3 лет назад | ||
| SUSE-SU-2022:0112-1 Security update for nodejs14 | больше 3 лет назад | ||
 | RLSA-2022:7830 Moderate: nodejs:14 security update | больше 2 лет назад | ||
| ELSA-2022-7830 ELSA-2022-7830: nodejs:14 security update (MODERATE) | больше 2 лет назад | ||
| RLSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update | больше 2 лет назад | ||
| ELSA-2022-9073-1 ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE) | больше 2 лет назад | ||
 | ROS-20220125-10 Уязвимость программной платформы Node.js | больше 3 лет назад | ||
| SUSE-SU-2022:0101-1 Security update for nodejs12 | больше 3 лет назад |
Уязвимостей на страницу