CVE-2021-44531
nodejs: Improper handling of URI Subject Alternative Names
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
Aceptar tipos de nombres alternativos de sujeto (SAN) arbitrarios, a menos que una PKI esté definida específicamente para usar un tipo de SAN concreto, puede resultar en una omisión de los intermediarios con restricción de nombre. Node.js versiones anteriores a 12.22.9, versiones anteriores a 14.18.3, versiones anteriores a 16.13.2 y versiones anteriores a 17.3.1, aceptaba tipos de URI SAN, que las PKI no suelen estar definidas para usar. Además, cuando un protocolo permite URI SANs, Node.js no hacía coincidir el URI correctamente. Las versiones de Node.js con la corrección para esto deshabilitan el tipo URI SAN cuando comprueban un certificado contra un nombre de host. Este comportamiento puede revertirse mediante la opción de línea de comandos --security-revert
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-02 CVE Reserved
- 2022-02-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220325-0007 | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://hackerone.com/reports/1429694 | 2022-10-05 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-10-05 |
| URL | Date | SRC |
|---|---|---|
| https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases | 2022-10-05 | |
| https://www.debian.org/security/2022/dsa-5170 | 2022-10-05 | |
| https://access.redhat.com/security/cve/CVE-2021-44531 | 2023-06-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2040839 | 2023-06-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | < 12.22.9 Search vendor "Nodejs" for product "Node.js" and version " < 12.22.9" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 14.0.0 < 14.18.3 Search vendor "Nodejs" for product "Node.js" and version " >= 14.0.0 < 14.18.3" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 16.0.0 < 16.13.2 Search vendor "Nodejs" for product "Node.js" and version " >= 16.0.0 < 16.13.2" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 17.0.0 < 17.3.1 Search vendor "Nodejs" for product "Node.js" and version " >= 17.0.0 < 17.3.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 20.3.5 Search vendor "Oracle" for product "Graalvm" and version "20.3.5" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 21.3.1 Search vendor "Oracle" for product "Graalvm" and version "21.3.1" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 22.0.0.2 Search vendor "Oracle" for product "Graalvm" and version "22.0.0.2" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Connectors Search vendor "Oracle" for product "Mysql Connectors" | <= 8.0.28 Search vendor "Oracle" for product "Mysql Connectors" and version " <= 8.0.28" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | <= 8.0.29 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 8.0.29" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Server Search vendor "Oracle" for product "Mysql Server" | <= 5.7.37 Search vendor "Oracle" for product "Mysql Server" and version " <= 5.7.37" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Server Search vendor "Oracle" for product "Mysql Server" | >= 8.0.0 <= 8.0.28 Search vendor "Oracle" for product "Mysql Server" and version " >= 8.0.0 <= 8.0.28" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Workbench Search vendor "Oracle" for product "Mysql Workbench" | <= 8.0.28 Search vendor "Oracle" for product "Mysql Workbench" and version " <= 8.0.28" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" | 8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" | 8.59 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.59" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Cluster Search vendor "Oracle" for product "Mysql Cluster" | <= 8.0.29 Search vendor "Oracle" for product "Mysql Cluster" and version " <= 8.0.29" | - |
Affected
| ||||||