CVE-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*

History

07 Dec 2021, 19:51

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210917-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210917-0003/ - Third Party Advisory
CPE cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*

20 Oct 2021, 11:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

17 Sep 2021, 22:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210917-0003/ -

24 Aug 2021, 17:09

Type Values Removed Values Added
CPE cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
References (MISC) https://hackerone.com/reports/1278254 - (MISC) https://hackerone.com/reports/1278254 - Permissions Required, Third Party Advisory
References (MISC) https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ - (MISC) https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ - Vendor Advisory
CWE CWE-295
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3

16 Aug 2021, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-16 19:15

Updated : 2021-12-07 19:51


NVD link : CVE-2021-22939

Mitre link : CVE-2021-22939


JSON object : View

Products Affected

oracle

  • mysql_cluster
  • graalvm

nodejs

  • node.js

netapp

  • nextgen_api
CWE
CWE-295

Improper Certificate Validation