opensource.microsoft.com icon indicating copy to clipboard operation
opensource.microsoft.com copied to clipboard
verified publisher icon microsoft

Patched xmlhttprequest-ssl CVE-2021-31597

Open imhunterand opened this issue 3 years ago • 0 comments

Descriptions issue:

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

CVE-2021-31597 9.4 / 10

Best Regards, @imhunterand

imhunterand avatar Aug 11 '22 16:08 imhunterand