diff --git a/SECURITY.md b/SECURITY.md index 02c9f83aa32c1a..e815fbbd538217 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -126,7 +126,7 @@ lead to a loss of confidentiality, integrity, or availability. See . Any unexpected behavior from the data manipulation from Node.js Internal -functions may be considered a vulnerability if they are expoitable via +functions may be considered a vulnerability if they are exploitable via untrusted resources. In addition to addressing vulnerabilities based on the above, the project works @@ -144,7 +144,7 @@ the community they pose. #### Improper Certificate Validation (CWE-295) * Node.js provides APIs to validate handling of Subject Alternative Names (SANs) - in certficates used to connect to a TLS/SSL endpoint. If certificates can be + in certificates used to connect to a TLS/SSL endpoint. If certificates can be crafted which result in incorrect validation by the Node.js APIs that is considered a vulnerability.