Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
References
Link | Resource |
---|---|
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Aug 2022, 13:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nodejs:node.js:8.8.1:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.9.1:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.1.4:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.4.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:9.2.1:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.8.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.6.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.9.3:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.9.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:9.3.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.3.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.1.2:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:9.2.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.7.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.1.3:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:nodejs:node.js:8.2.0:*:*:*:*:*:*:* |
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
Information
Published : 2017-12-11 21:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-15896
Mitre link : CVE-2017-15896
CVE.ORG link : CVE-2017-15896
JSON object : View
Products Affected
nodejs
- node.js
CWE