high
7.4
CWE
295
Advisory Published
Updated

CVE-2021-44533

First published: Mon Jan 10 2022(Updated: )

Node.js could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of multi-value Relative Distinguished Names. By crafting certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, an attacker could exploit this vulnerability to bypass the certificate subject verification.

Credit: support@hackerone.com

Affected SoftwareAffected VersionHow to fix
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
0:12.22.12-2.el7
redhat/rh-nodejs14-nodejs<0:14.20.1-2.el7
0:14.20.1-2.el7
debian/nodejs<=10.24.0~dfsg-1~deb10u1<=10.24.0~dfsg-1~deb10u3
12.22.12~dfsg-1~deb11u4
18.13.0+dfsg1-1
IBM Cognos Analytics 11.2.x<=IBM Cognos Analytics 11.2.x
IBM Cognos Analytics 11.1.x<=IBM Cognos Analytics 11.1.x
redhat/node<12.22.9
12.22.9
redhat/node<14.18.3
14.18.3
redhat/node<16.13.2
16.13.2
redhat/node<17.3.1
17.3.1
Nodejs Node.js<12.22.9
Nodejs Node.js>=14.0.0<14.18.3
Nodejs Node.js>=16.0.0<16.13.2
Nodejs Node.js>=17.0.0<17.3.1
Oracle GraalVM=20.3.5
Oracle GraalVM=21.3.1
Oracle GraalVM=22.0.0.2
Oracle MySQL Cluster<8.0.29
Oracle MySQL Cluster=8.0.29
Oracle Mysql Connectors<=8.0.28
IBM Cognos Analytics<=8.0.29
Oracle Mysql Server<=5.7.37
Oracle Mysql Server>=8.0.0<=8.0.28
Oracle Mysql Workbench<=8.0.28
Oracle PeopleSoft Enterprise PeopleTools=8.58
Oracle PeopleSoft Enterprise PeopleTools=8.59
Debian Debian Linux=11.0

Remedy

https://www.oracle.com/security-alerts/cpuapr2022.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2021-44533?

    CVE-2021-44533 is a vulnerability found in Node.js versions prior to 12.22.9, 14.18.3, 16.13.2, and 17.3.1.

  • How severe is CVE-2021-44533?

    CVE-2021-44533 has a severity rating of 7.4, which is considered high.

  • How does CVE-2021-44533 affect Node.js?

    CVE-2021-44533 affects Node.js versions prior to 12.22.9, 14.18.3, 16.13.2, and 17.3.1. It does not handle multi-value Relative Distinguished Names correctly, which could allow attackers to craft malicious certificates.

  • How can I fix CVE-2021-44533 in Node.js?

    To fix CVE-2021-44533 in Node.js, you should update to version 12.22.9, 14.18.3, 16.13.2, or 17.3.1, which contain the necessary security patches.

  • Where can I find more information about CVE-2021-44533?

    You can find more information about CVE-2021-44533 in the official Node.js security releases blog post and the associated bugzilla entries.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203