diff options
| -rw-r--r-- | README.md | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -182,9 +182,8 @@ nonetheless. ### Private disclosure preferred - [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/): - _Fix invalid wildcard certificate validation check_. This is a high severity - defect that would allow a malicious TLS server to serve an invalid wildcard - certificate for its hostname and be improperly validated by a Node.js client. + _Fix invalid wildcard certificate validation check_. This was a high-severity + defect. It caused Node.js TLS clients to accept invalid wildcard certificates. - [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities @@ -192,8 +191,8 @@ nonetheless. - [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/): _Fix defects in HTTP header parsing for requests and responses that can allow - response splitting_. While the impact of this vulnerability is application and - network dependent, it is remotely exploitable in the HTTP protocol. + response splitting_. This was a remotely-exploitable defect in the Node.js + HTTP implementation. When in doubt, please do send us a report. |