PT-2020-3310 · Node.js +6

Published 2020-03-05 · Updated 2026-05-18 · CVE-2020-8172

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Node.js versions prior to 12.18.0
Node.js versions prior to 14.4.0

Description

The issue is in the Node.js implementation of the TLS protocol, specifically deficiencies in certificate authentication verification. A remote attacker can potentially perform a man-in-the-middle attack by exploiting TLS session reuse, leading to a host certificate verification bypass.

Recommendations

For Node.js versions prior to 12.18.0, update to version 12.18.0 or later.
For Node.js versions prior to 14.4.0, update to version 14.4.0 or later.

Exploit

Fix

Improper Authorization

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALSA-2020:2852
ALT-PU-2020-2223
ALT-PU-2020-2926
ALT-PU-2022-3073
BDU:2020-03621
BIT-NODE-2020-8172
BIT-NODE-MIN-2020-8172
CESA-2020_2852
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2020-8172
OPENSUSE-SU-2024:11096-1
RHSA-2020:2847
RHSA-2020:2852
RHSA-2020:2895
RHSA-2020_2852
RLSA-2020:2852
SUSE-SU-2020:1606-1
SUSE-SU-2020_1606-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Node.js
Red Hat
Rocky Linux
SUSE