CVE-2020-8172
published 2020-06-08CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | — | — |
| https | github.com_nodejs_node | — | — |
| nodejs | node.js | >= 12.0.0 < 12.18.0 | 12.18.0 |
| nodejs | node.js | >= 14.0.0 < 14.4.0 | 14.4.0 |
| nodejs | nodejs | >= 0 < 12.20.1-r0 | 12.20.1-r0 |
| nodejs | nodejs | >= 0 < 12.18.3-r0 | 12.18.3-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| nodejs | nodejs | >= 0 < 12.18.0-r0 | 12.18.0-r0 |
| oracle | banking_extensibility_workbench | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | blockchain_platform | < 21.1.2 | 21.1.2 |
| oracle | graalvm | — | — |
| oracle | graalvm | — | — |
| oracle | mysql_cluster | <= 7.3.30 | — |
| oracle | mysql_cluster | 7.4.0 – 7.4.29 | — |
| oracle | mysql_cluster | 7.5.0 – 7.5.19 | — |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
osv7.4HIGH