Back to bug 1953057
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2021-04-23 19:32:15 UTC | Depends On | 1953058 | |
| Pedro Sampaio | 2021-04-23 19:32:30 UTC | Blocks | 1953059 | |
| Eric Christensen | 2021-04-26 14:11:07 UTC | Doc Text | A flaw was found in xmlhttprequest-ssl for Node.js. SSL certificate validation is disabled by default, due to rejectUnauthorized (when the property exists but is undefined) being considered to be false within the https.request function of Node.js (thus, no certificate is ever rejected). The highest threat from this vulnerablity is to data confidentiality and integrity as well as system availability. | |
| Jason Shepherd | 2021-04-28 03:43:10 UTC | Fixed In Version | xmlhttprequest-ssl-1.6.1 | |
| Chess Hazlett | 2021-11-03 23:40:32 UTC | Blocks | 1997390 | |
| Chess Hazlett | 2021-11-03 23:46:52 UTC | CC | amackenz, amasferr, chazlett, drieden, mkudlej, tjochec | |
| Red Hat Bugzilla | 2023-05-15 18:09:22 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-07-07 08:32:03 UTC | Assignee | security-response-team | nobody |
Back to bug 1953057