Skip to content

Commit

Permalink
doc: simplify valid security issue descriptions
Browse files Browse the repository at this point in the history
PR-URL: #23881
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
Trott authored and rvagg committed Nov 28, 2018
1 parent 7e98bc6 commit 03f9ded
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -182,18 +182,17 @@ nonetheless.
### Private disclosure preferred

- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
_Fix invalid wildcard certificate validation check_. This is a high severity
defect that would allow a malicious TLS server to serve an invalid wildcard
certificate for its hostname and be improperly validated by a Node.js client.
_Fix invalid wildcard certificate validation check_. This was a high-severity
defect. It caused Node.js TLS clients to accept invalid wildcard certificates.

- [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes
the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities
in the TLS/SSL protocols also affect Node.js.

- [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/):
_Fix defects in HTTP header parsing for requests and responses that can allow
response splitting_. While the impact of this vulnerability is application and
network dependent, it is remotely exploitable in the HTTP protocol.
response splitting_. This was a remotely-exploitable defect in the Node.js
HTTP implementation.

When in doubt, please do send us a report.

Expand Down

0 comments on commit 03f9ded

Please sign in to comment.