Lucene search
Veracode Vulnerability DatabaseVERACODE:36547HistoryAug 01, 2022 - 12:05 p.m.
Authentication Bypass
2022-08-0112:05:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
59.1%
co.fs2:fs2-io is vulnerable to authentication bypass. A remote attacker is able to skip peer certificate verification, because requestCert = true parameter is ignored when establishing a server-mode TLSSocket on Node.js.
References
github.com/advisories/GHSA-2cpx-6pqp-wf35
github.com/nodejs/node/issues/43994
github.com/typelevel/fs2/commit/19ce392e8093d9571387dbd78e159e655a85aeea
github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207
github.com/typelevel/fs2/releases/tag/v3.2.11
github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35
Related
osv
osv
CVE-2022-31183
2022-08-01 20:15:08
fs2-io skips mTLS client verification
2022-07-29 22:24:10
gitlab
gitlab
fs2-io skips mTLS client verification
2022-07-29 00:00:00
Improper Certificate Validation
2022-08-01 00:00:00
Improper Certificate Validation
2022-08-01 00:00:00
prion
prion
Design/Logic Flaw
2022-08-01 20:15:00
cve
cve
CVE-2022-31183
2022-08-01 20:15:08
github
github
fs2-io skips mTLS client verification
2022-07-29 22:24:10
cvelist
cvelist
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
2022-08-01 19:50:11
nvd
nvd
CVE-2022-31183
2022-08-01 20:15:08