Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: nodejs
Published: 2017-12-11T21:00:00Z
Updated: 2024-09-16T19:50:49.572Z
Reserved: 2017-10-25T00:00:00
Link: CVE-2017-15896
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-12-11T21:29:00.517
Modified: 2024-11-21T03:15:25.747
Link: CVE-2017-15896
Redhat