CVE-2020-8172

All Frameworks › Node.js › CWE-Other › CVE-2020-8172

CVE-2020-8172

State: PUBLISHED · Published: 2020-06-08 · Updated: 2024-08-04 · Assigner: hackerone

Description

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

CWE

(none)

Affected

n/a / https://github.com/nodejs/node — v=12.18.0,14.4.0 [affected]

CVSS

(none)

References

https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
https://hackerone.com/reports/811502 x_refsource_MISC
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/ x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200625-0002/ x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
https://security.gentoo.org/glsa/202101-07 vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC

Source

cvelistV5-main/cves/2020/8xxx/CVE-2020-8172.json