xmlhttprequest-ssl is vulnerable to certificate validation bypass. The vulnerability exists because rejectUnauthorized
is set to false by default, leading to bypass of certificate validation in the https.request
function of Node.js
.
CPE | Name | Operator | Version |
---|---|---|---|
xmlhttprequest-ssl | le | 1.6.0 | |
xmlhttprequest-ssl | le | 1.5.5 |