Unrated severityNVD Advisory· Published Jun 8, 2020· Updated Aug 4, 2024
CVE-2020-8172
CVE-2020-8172
Description
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
Affected products
7- node/nodedescription
- osv-coords6 versionspkg:bitnami/nodepkg:bitnami/node-minpkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012
>= 12.0.0, < 12.18.0+ 5 more
- (no CPE)range: >= 12.0.0, < 12.18.0
- (no CPE)range: >= 12.0.0, < 12.18.0
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 14.17.5-1.2
- (no CPE)range: < 12.18.0-1.14.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- security.gentoo.org/glsa/202101-07mitrevendor-advisoryx_refsource_GENTOO
- hackerone.com/reports/811502mitrex_refsource_MISC
- nodejs.org/en/blog/vulnerability/june-2020-security-releases/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20200625-0002/mitrex_refsource_CONFIRM
- www.oracle.com//security-alerts/cpujul2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujul2020.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuoct2020.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.