vulnerability
Oracle Linux: CVE-2020-8172: ELSA-2020-2852: nodejs:12 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:N/C:C/I:C/A:N) | 2020-06-02 | 2020-07-22 | 2025-01-08 |
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published
2020-06-02
Added
2020-07-22
Modified
2025-01-08
Description
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions.
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions.
Solution(s)
oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.