James Bunton

**Name of the Vulnerable Software and Affected Versions** Node.js versions 0.10.x through 0.10.46 Node.js versions 0.12.x through 0.12.15 Node.js versions 4.x through 4.5.0 Node.js versions 6.x through 6.6.0 **Description** The issue arises from the tls.checkServerIdentity function not properly handling wildcards in name fields of X.509 certificates. This allows man-in-the-middle attackers to spoof servers via a crafted certificate. **Recommendations** For Node.js versions 0.10.x through 0.10.46, update to version 0.10.47 or later. For Node.js versions 0.12.x through 0.12.15, update to version 0.12.16 or later. For Node.js versions 4.x through 4.5.0, update to version 4.6.0 or later. For Node.js versions 6.x through 6.6.0, update to version 6.7.0 or later.