File tree 1 file changed +4
-5
lines changed
1 file changed +4
-5
lines changed Original file line number Diff line number Diff line change @@ -182,18 +182,17 @@ nonetheless.
182182### Private disclosure preferred
183183
184184- [ CVE-2016 -7099] ( https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ ) :
185- _ Fix invalid wildcard certificate validation check_ . This is a high severity
186- defect that would allow a malicious TLS server to serve an invalid wildcard
187- certificate for its hostname and be improperly validated by a Node.js client.
185+ _ Fix invalid wildcard certificate validation check_ . This was a high-severity
186+ defect. It caused Node.js TLS clients to accept invalid wildcard certificates.
188187
189188- [ #5507 ] ( https://github.com/nodejs/node/pull/5507 ) : _ Fix a defect that makes
190189 the CacheBleed Attack possible_ . Many, though not all, OpenSSL vulnerabilities
191190 in the TLS/SSL protocols also affect Node.js.
192191
193192- [ CVE-2016 -2216] ( https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ ) :
194193 _ Fix defects in HTTP header parsing for requests and responses that can allow
195- response splitting_ . While the impact of this vulnerability is application and
196- network dependent, it is remotely exploitable in the HTTP protocol .
194+ response splitting_ . This was a remotely-exploitable defect in the Node.js
195+ HTTP implementation .
197196
198197When in doubt, please do send us a report.
199198
You can’t perform that action at this time.
0 commit comments