Xmlhttprequest-ssl Project : Security vulnerabilities, CVEs

CVE-2021-31597

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

Max CVSS

9.4

EPSS Score

0.21%

Published

2021-04-23

Updated

2021-12-08

1 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

Xmlhttprequest-ssl Project : Security Vulnerabilities, CVEs,

CVE-2021-31597