AZL-45213

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-45213.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-45213

Upstream

CVE-2021-31597

Published

2021-04-23T00:15:08Z

Modified

2026-04-21T04:32:41.870050Z

Severity

9.4 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVSS Calculator

Summary

CVE-2021-31597 affecting package js-jquery 3.5.0-4

Details

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-31597

Affected packages

Azure Linux:3 / js-jquery

Package

Name: js-jquery
Purl: pkg:rpm/azure-linux/js-jquery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.5.0-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-45213.json"