Количество 18
Количество 18
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
CVE-2021-44532
CVE-2021-44532
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ...
GHSA-jg6g-8j59-vr29
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
BDU:2022-00759
Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки
openSUSE-SU-2022:0113-1
Security update for nodejs12
openSUSE-SU-2022:0112-1
Security update for nodejs14
SUSE-SU-2022:0114-1
Security update for nodejs14
SUSE-SU-2022:0113-1
Security update for nodejs12
SUSE-SU-2022:0112-1
Security update for nodejs14
RLSA-2022:7830
Moderate: nodejs:14 security update
ELSA-2022-7830
ELSA-2022-7830: nodejs:14 security update (MODERATE)
RLSA-2022:9073
Moderate: nodejs:16 security, bug fix, and enhancement update
ELSA-2022-9073-1
ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE)
ROS-20220125-10
Уязвимость программной платформы Node.js
SUSE-SU-2022:0101-1
Security update for nodejs12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 7.4 | 0% Низкий | около 4 лет назад |
 | CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
 | CVSS3: 5.3 | 0% Низкий | около 4 лет назад | |
| CVE-2021-44532 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ... | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| GHSA-jg6g-8j59-vr29 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
 | BDU:2022-00759 Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки | CVSS3: 7.4 | около 4 лет назад | |
 | openSUSE-SU-2022:0113-1 Security update for nodejs12 | около 4 лет назад | ||
| openSUSE-SU-2022:0112-1 Security update for nodejs14 | около 4 лет назад | ||
| SUSE-SU-2022:0114-1 Security update for nodejs14 | около 4 лет назад | ||
| SUSE-SU-2022:0113-1 Security update for nodejs12 | около 4 лет назад | ||
| SUSE-SU-2022:0112-1 Security update for nodejs14 | около 4 лет назад | ||
 | RLSA-2022:7830 Moderate: nodejs:14 security update | больше 3 лет назад | ||
| ELSA-2022-7830 ELSA-2022-7830: nodejs:14 security update (MODERATE) | больше 3 лет назад | ||
| RLSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update | больше 3 лет назад | ||
| ELSA-2022-9073-1 ELSA-2022-9073-1: nodejs:16 security, bug fix, and enhancement update (MODERATE) | больше 3 лет назад | ||
 | ROS-20220125-10 Уязвимость программной платформы Node.js | около 4 лет назад | ||
| SUSE-SU-2022:0101-1 Security update for nodejs12 | около 4 лет назад |
Уязвимостей на страницу