Unrated severityNVD Advisory· Published Aug 16, 2021· Updated Apr 30, 2025
CVE-2021-22939
CVE-2021-22939
Description
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- osv-coords25 versionspkg:bitnami/nodepkg:bitnami/node-minpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/npmpkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs16&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3
>= 12.0.0, < 12.22.5+ 24 more
- (no CPE)range: >= 12.0.0, < 12.22.5
- (no CPE)range: >= 12.0.0, < 12.22.5
- (no CPE)range: < 1:12.22.5-1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1:12.22.5-1.module_el8.5.0+85+79a7b441
- (no CPE)range: < 1:12.22.5-1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1:12.22.5-1.module_el8.5.0+85+79a7b441
- (no CPE)range: < 2.0.3-1.module_el8.4.0+2521+c668cc9f
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 1:6.14.14-1.12.22.5.1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 10.24.1-lp152.2.18.1
- (no CPE)range: < 10.24.1-1.39.2
- (no CPE)range: < 12.22.5-lp152.3.18.1
- (no CPE)range: < 12.22.5-4.19.1
- (no CPE)range: < 14.17.5-lp152.14.1
- (no CPE)range: < 14.17.5-5.15.5
- (no CPE)range: < 14.17.5-1.2
- (no CPE)range: < 16.6.2-2.2
- (no CPE)range: < 10.24.1-1.42.2
- (no CPE)range: < 10.24.1-1.39.2
- (no CPE)range: < 12.22.5-1.35.1
- (no CPE)range: < 12.22.5-4.19.1
- (no CPE)range: < 12.22.5-4.19.1
- (no CPE)range: < 14.17.5-6.15.3
- (no CPE)range: < 14.17.5-5.15.5
- (no CPE)range: < 14.17.5-5.15.5
Patches
Vulnerability mechanics
References
9- security.gentoo.org/glsa/202401-02mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/10/msg00006.htmlmitremailing-list
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfmitre
- hackerone.com/reports/1278254mitre
- nodejs.org/en/blog/vulnerability/aug-2021-security-releases/mitre
- security.netapp.com/advisory/ntap-20210917-0003/mitre
- www.oracle.com/security-alerts/cpujan2022.htmlmitre
- www.oracle.com/security-alerts/cpujul2022.htmlmitre
- www.oracle.com/security-alerts/cpuoct2021.htmlmitre
News mentions
0No linked articles in our index yet.