vulnerability

Alma Linux: CVE-2021-22939: Important: nodejs:12 security and bug fix update (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Aug 16, 2021	May 4, 2022	Apr 17, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Aug 16, 2021

Added

May 4, 2022

Modified

Apr 17, 2026

Description

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

Solutions

alma-upgrade-nodejsalma-upgrade-nodejs-develalma-upgrade-nodejs-docsalma-upgrade-nodejs-full-i18nalma-upgrade-nodejs-nodemonalma-upgrade-nodejs-packagingalma-upgrade-npm

References

CVE-2021-22939
https://attackerkb.com/topics/CVE-2021-22939
CWE-295
EUVD-EUVD-2021-10068
https://errata.almalinux.org/8/ALSA-2021-3623.html
https://errata.almalinux.org/8/ALSA-2021-3666.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-10068

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report