VDB
ALPINE-CVE-2021-22939
ALPINE-CVE-2021-22939
PUBLISHED
CVSS 5.300000190734863 MEDIUM
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.21 | nodejs | 0, 0, 0 |
| Alpine:v3.13 | nodejs | 12.14.0-r0, 12.13.1-r0, 12.13.0-r1 |
| Alpine:v3.17 | nodejs | 6.10.0-r0, 4.4.7-r0, 4.4.5-r0 |
| Alpine:v3.15 | nodejs | 6.10.1-r0, 4.4.7-r0, 4.4.5-r0 |
| Alpine:v3.23 | nodejs | 0, 0, 0 |
| Alpine:v3.11 | nodejs | 8.11.1-r2, 8.11.2-r0, 8.11.3-r0 |
| Alpine:v3.14 | nodejs | 0, 10.14.0-r0, 10.14.2-r0 |
| Alpine:v3.12 | nodejs | 6.11.0-r0, 8.9.4-r0, 8.9.3-r1 |
| Alpine:v3.20 | nodejs | 6.9.5-r1, 8.11.0-r1, 8.11.1-r1 |
| Alpine:v3.22 | nodejs | 0, 0, 0 |
| Alpine:v3.18 | nodejs | 8.10.0-r0, 8.11.0-r0, 8.11.0-r1 |
| Alpine:v3.19 | nodejs | 8.9.4-r0, 8.9.3-r1, 8.9.3-r0 |
| Alpine:v3.16 | nodejs | 8.9.4-r0, 8.9.3-r1, 8.9.3-r0 |
Timeline
- Aug 16, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch