exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2021-31597

почти 5 лет назад

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

CVSS3: 9.4

EPSS: Низкий

CVE-2021-31597

почти 5 лет назад

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

CVSS3: 9.4

EPSS: Низкий

CVE-2021-31597

почти 5 лет назад

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

CVSS3: 9.4

EPSS: Низкий

CVE-2021-31597

почти 5 лет назад

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...

CVSS3: 9.4

EPSS: Низкий

GHSA-72mh-269x-7mh5

больше 4 лет назад

Improper Certificate Validation in xmlhttprequest-ssl

CVSS3: 9.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-31597 The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.	CVSS3: 9.4	0% Низкий	почти 5 лет назад
CVE-2021-31597 The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.	CVSS3: 9.4	0% Низкий	почти 5 лет назад
CVE-2021-31597 The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.	CVSS3: 9.4	0% Низкий	почти 5 лет назад
CVE-2021-31597 The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...	CVSS3: 9.4	0% Низкий	почти 5 лет назад
GHSA-72mh-269x-7mh5 Improper Certificate Validation in xmlhttprequest-ssl	CVSS3: 9.4	0% Низкий	больше 4 лет назад

Уязвимостей на страницу