Commit 748dbf9

Trott authored and targos committed
doc: simplify valid security issue descriptions
PR-URL: #23881
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent b4b101f commit 748dbf9

1 file changed, +4 -5 lines changed

README.md

@@ -182,18 +182,17 @@ nonetheless.
182182
### Private disclosure preferred
183183

184184
- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
185-
_Fix invalid wildcard certificate validation check_. This is a high severity
186-
defect that would allow a malicious TLS server to serve an invalid wildcard
187-
certificate for its hostname and be improperly validated by a Node.js client.
185+
_Fix invalid wildcard certificate validation check_. This was a high-severity
186+
defect. It caused Node.js TLS clients to accept invalid wildcard certificates.
188187

189188
- [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes
190189
the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities
191190
in the TLS/SSL protocols also affect Node.js.
192191

193192
- [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/):
194193
_Fix defects in HTTP header parsing for requests and responses that can allow
195-
response splitting_. While the impact of this vulnerability is application and
196-
network dependent, it is remotely exploitable in the HTTP protocol.
194+
response splitting_. This was a remotely-exploitable defect in the Node.js
195+
HTTP implementation.
197196

198197
When in doubt, please do send us a report.
199198
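Review bot: In the CVE-2016-7099 entry (new lines 185-186), the rewrite drops the detail that the invalid wildcard certificate is served by a malicious TLS server for its hostname, so a reader using this list to judge whether their own finding belongs under "Private disclosure preferred" no longer sees who the attacker is. Consider keeping that in the shortened form, for example "It caused Node.js TLS clients to accept invalid wildcard certificates from a malicious server." The CVE-2016-2216 entry (new lines 194-195) similarly loses the statement that the impact is application and network dependent; if that is intentional, it is worth saying so in the commit message. As a style point on new line 194, "remotely-exploitable" should not be hyphenated, since adverbs ending in -ly do not take a hyphen in a compound modifier ("remotely exploitable defect"), whereas "high-severity" on new line 185 is correct.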
