CVE-2020-8172
Severity
7.4HIGH
EPSS
1.2%
top 21.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 8
Latest updateMay 24
Description
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2
Affected Packages7 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-98vx-jqrx-7mq2: TLS session reuse can lead to host certificate verification bypass in node version < 12↗2022-05-24
CVEList▶
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass in node version < 12↗2020-06-08
OSV▶
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass in node version < 12↗2020-06-08
📋Vendor Advisories
2💬Community
8Bugzilla▶
CVE-2020-8172 nodejs:10/nodejs: TLS session reuse can lead to hostname verification bypass [fedora-all]↗2020-06-08
Bugzilla
▶
Bugzilla▶
CVE-2020-8172 nodejs:12/nodejs: TLS session reuse can lead to hostname verification bypass [fedora-all]↗2020-06-08
Bugzilla▶
CVE-2020-8172 nodejs:11/nodejs: TLS session reuse can lead to hostname verification bypass [fedora-all]↗2020-06-08
Bugzilla▶
CVE-2020-8172 nodejs:13/nodejs: TLS session reuse can lead to hostname verification bypass [fedora-all]↗2020-06-08