CVE-2021-31597 – The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validatio …

23 April 2021

Vuln ID: CVE-2021-31597

Published: 2021-04-23 00:15:08Z

Description: The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

Source: NVD.NIST.GOV

Date:

23 April 2021

Categorie(s):

NVD

Tag(s):

NVD

What is ThreatLocker Cybersecurity Used For & How to Protect Your Digital Future?25 April 2024
Zombie worm continues to infect millions of IPs years after it was left for dead25 April 2024
How to Avoid Romance Scams 25 April 2024
Net neutrality has been restored25 April 2024
Cyberattacks on Poland surged after election of pro-Ukraine government, NetScout says25 April 2024