[3.1] nodejs: Wildcard certificates not properly validated (CVE-2016-7099)
This is a high severity defect that would allow a malicious TLS server
to serve an invalid wildcard certificate for its hostname and have it
improperly validated by a Node.js client. This is due to a flaw in the
validation of *. in the wildcard name string.
Fixed In Version:
nodejs 6.7.0, nodejs 4.6.0, nodejs 0.12.16, nodejs 0.10.47
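
A triage check built from the fixed versions listed above, added here as an example (it is not code from the Node.js project or from the original report). The function names, the status strings and the sample inventory are assumptions of this example.

```javascript
// Fixed versions copied from the "Fixed In Version" list for CVE-2016-7099.
const FIXED = ['6.7.0', '4.6.0', '0.12.16', '0.10.47'];

// Parse "v4.5.0" or "4.5.0" into [major, minor, patch].
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`not a Node.js version: ${version}`);
  return m.slice(1).map(Number);
}

// Release line: "0.10" / "0.12" for the 0.x series, the major number otherwise.
function lineOf([major, minor]) {
  return major === 0 ? `0.${minor}` : String(major);
}

// Returns 'fixed', 'predates-fix', or 'unlisted' (assumed labels).
// 'unlisted' means the list above names no fixed version for that
// release line, so the status is not guessed.
function classify(version) {
  const v = parse(version);
  const fixed = FIXED.map(parse).find((f) => lineOf(f) === lineOf(v));
  if (!fixed) return 'unlisted';
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i] ? 'fixed' : 'predates-fix';
  }
  return 'fixed'; // exactly the fixed version
}

// Keep only the hosts that still need attention.
function audit(inventory) {
  return inventory
    .map(({ host, node }) => ({ host, node, status: classify(node) }))
    .filter((entry) => entry.status !== 'fixed');
}

// Constructed sample inventory (not real hosts).
const SAMPLE_INVENTORY = [
  { host: 'build-01', node: 'v6.6.0' },
  { host: 'api-02', node: 'v4.6.1' },
  { host: 'legacy-03', node: '0.10.46' },
  { host: 'tools-04', node: 'v5.12.0' },
];

console.log(audit(SAMPLE_INVENTORY));
console.log(`this runtime (${process.version}):`, classify(process.version));
```
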
References:
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7099
(from redmine: issue id 6337, created on 2016-10-12, closed on 2017-09-05)
- Relations:
- parent #6333