CVE-2021-22939
Description
If the Node.js https API was used incorrectly and undefined was in passed for the rejectUnauthorized parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.133
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 12 (x64) (12.22.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 12 (12.22.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 14 (x64) (14.17.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 14 (14.17.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 16 (x64) (16.6.2) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 16 (16.6.2) | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows |
| Multiple Vulnerabilities are affected in MySQL Cluster 8.0.26 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-debugsource-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-devel-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-docs-12.22.5-1.module+el8.4.0+12242+af52a4c7.noarch.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-full-i18n-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update npm-6.14.14-1.12.22.5.1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3623) nodejs-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3623) nodejs-devel-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3623) nodejs-docs-12.22.5-1.module+el8.4.0+20308+065a70e3.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3623) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3623) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-debugsource-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-devel-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-docs-14.17.5-1.module+el8.4.0+12247+e2879e58.noarch.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-full-i18n-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update npm-6.14.14-1.14.17.5.1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3666) nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3666) nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3666) nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3666) nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3666) nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3666) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2021-3666) npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-debuginfo-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | Linux |
| Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.3.0+2023+d2377ea3.noarch.rpm | Linux |
| Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.4.0+2521+c668cc9f.noarch.rpm | Linux |
| Important: nodejs:14 security and bug fix update nodejs-nodemon-2.0.3-1.module_el8.4.0+2521+c668cc9f.noarch.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-packaging-23-3.module+el8.7.0+1071+4bdda2a8.noarch.rpm | Linux |
| nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| Npm update (ELSA-2025-8514) npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-packaging-bundler update (ELSA-2025-8514) nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2025-8514) nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-nodemon update (ELSA-2025-8514) nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2025-8514) nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2025-8514) nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-devel update (ELSA-2025-8514) nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs update (ELSA-2025-8514) nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-320970 | Node.js 16 (x64) (16.6.2) |
| PATCH-320971 | Node.js 16 (16.6.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234