CVE-2021-22939
PUBLISHED
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Risk Scores
EPSS Score: 0.12% (31.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 16.0.0, 14.0.0, 12.0.0 |
| Bitnami | node | 12.0.0, 16.0.0, 14.0.0 |
| Bitnami | node-min | 16.0.0, 12.0.0, 14.0.0 |
| Bitnami | node-min | 14.0.0, 12.0.0, 14.0.0 |
Timeline
- CVE Published
- Aug 17, 2021 EPSS Score
- Sep 10, 2021 PoC Published
- Sep 18, 2021 EPSS Score
- Oct 14, 2021 EPSS Score
- Dec 12, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- Apr 8, 2022 EPSS Score
- Jun 5, 2022 EPSS Score
- Oct 1, 2022 EPSS Score
References
- https://hackerone.com/reports/1278254
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
- https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
- https://security.gentoo.org/glsa/202401-02
- https://security.netapp.com/advisory/ntap-20210917-0003/
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-22939