UNKNOWNCVE-2021-31597
Improper Certificate Validation in xmlhttprequest-ssl
Platform
nodejs
Component
xmlhttprequest-ssl
Fixed in
1.6.1
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
How to fix
Actualice el paquete xmlhttprequest-ssl a la versión 1.6.1 o superior. Esto asegura que la validación de certificados SSL esté habilitada correctamente y evita posibles vulnerabilidades de seguridad relacionadas con la falta de validación de certificados.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free