Node-openssl Project - Node-openssl CVE

Filtered by vendor Node-openssl Project Subscribe

Filtered by product Node-openssl

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-49210	1 Node-openssl Project	1 Node-openssl	2023-11-30	N/A	9.8 CRITICAL
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vulnerabilities (CVE)