1 file changed +4
-5
lines changed Original file line number Diff line number Diff line change @@ -182,18 +182,17 @@ nonetheless.
182
182
### Private disclosure preferred
183
183
184
184
- [ CVE-2016 -7099] ( https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ ) :
185
- _ Fix invalid wildcard certificate validation check_ . This is a high severity
186
- defect that would allow a malicious TLS server to serve an invalid wildcard
187
- certificate for its hostname and be improperly validated by a Node.js client.
185
+ _ Fix invalid wildcard certificate validation check_ . This was a high-severity
186
+ defect. It caused Node.js TLS clients to accept invalid wildcard certificates.
188
187
189
188
- [ #5507 ] ( https://github.com/nodejs/node/pull/5507 ) : _ Fix a defect that makes
190
189
the CacheBleed Attack possible_ . Many, though not all, OpenSSL vulnerabilities
191
190
in the TLS/SSL protocols also affect Node.js.
192
191
193
192
- [ CVE-2016 -2216] ( https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ ) :
194
193
_ Fix defects in HTTP header parsing for requests and responses that can allow
195
- response splitting_ . While the impact of this vulnerability is application and
196
- network dependent, it is remotely exploitable in the HTTP protocol .
194
+ response splitting_ . This was a remotely-exploitable defect in the Node.js
195
+ HTTP implementation .
197
196
198
197
When in doubt, please do send us a report.
199
198
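Review bot: In the CVE-2016-7099 entry, the new wording "It caused Node.js TLS clients to accept invalid wildcard certificates" drops the two details that told a reporter who could trigger the defect: that the actor is a malicious TLS server, and that the certificate is served for that server's own hostname. Since this list is there to help people judge whether an issue warrants private disclosure, consider keeping the actor in the shorter form, for example "It allowed a malicious TLS server to have an invalid wildcard certificate accepted by Node.js clients." The same applies to the CVE-2016-2216 entry, where the removed qualifier that the impact is application and network dependent was the only statement of scope; if it is dropped on purpose, the commit message should say so. Style point in the same entry: "remotely-exploitable" should be "remotely exploitable", since an adverb ending in -ly is not hyphenated to the adjective it modifies. The #5507 entry is left in the present tense ("makes the CacheBleed Attack possible") while the two edited entries move to past tense; either is fine, but the three should match.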