The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-22T23:52:48
Updated: 2024-08-03T23:03:33.466Z
Reserved: 2021-04-22T00:00:00
Link: CVE-2021-31597
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-04-23T00:15:08.283
Modified: 2021-12-08T20:27:09.257
Link: CVE-2021-31597
Redhat