CVE-2021-22939 (Medium) detected in node #1047

Closed
tmarkley opened this issue Dec 28, 2021 · 1 comment · Fixed by #1028
Labels
  • cve (Security vulnerabilities detected by Dependabot or Mend)
  • medium severity (Medium severity CVE)
  • Mend: dependency security vulnerability (Security vulnerability detected by Mend)
  • v2.0.0

Comments

@tmarkley
Contributor

tmarkley commented Dec 28, 2021

CVE-2021-22939 - Medium Severity Vulnerability

⚠️ Vulnerable Libraries: node@10.24.1

Dependency Hierarchy

  • node@10.24.1 (Root Library)

Found in base branch: main

🕵️ Vulnerability Details

Description

If the Node.js https API was used incorrectly and undefined was passed for the rejectUnauthorized parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Publish Date

2021-08-16

URL

CVE-2021-22939

🎯 CVSS 3 Score Details (5.3)

Scores

Base: 5.3
Exploitability: 3.9
Impact: 1.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability Metrics

  • Attack Vector (AV): Network (AV:N)
  • Attack Complexity (AC): Low (AC:L)
  • Privileges Required (PR): None (PR:N)
  • User Interaction (UI): None (UI:N)
  • Scope (S): Unchanged (S:U)

Impact Metrics

  • Confidentiality Impact (C): None (C:N)
  • Integrity Impact (I): Low (I:L)
  • Availability Impact (A): None (A:N)

🔧 Suggested Fix

How to fix?

Upgrade node to version 16.6.2, 14.17.5, 12.22.5 or higher.

Origin

https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-1540539

@tmarkley tmarkley added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Dec 28, 2021
@tmarkley tmarkley linked a pull request Dec 28, 2021 that will close this issue
@tmarkley tmarkley added the medium severity Medium severity CVE label Dec 29, 2021
@mend-for-github-com mend-for-github-com bot changed the title CVE-2021-22939 (Medium) detected in node CVE-2021-22939 (Medium) detected in node - autoclosed Jan 4, 2022
@mend-for-github-com

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

@tmarkley tmarkley changed the title CVE-2021-22939 (Medium) detected in node - autoclosed CVE-2021-22939 (Medium) detected in node Jan 4, 2022
@tmarkley tmarkley reopened this Jan 4, 2022
@tmarkley tmarkley added cve Security vulnerabilities detected by Dependabot or Mend v2.0.0 labels Jan 6, 2022