Security Advisory

CVE-2021-31597

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-22 23:52:48

Last updated 2024-08-03 23:03:33

Assigner mitre

State PUBLISHED

Description

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

← Browse all CVEs View on cve.org ↗