{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T11:42:45.252","vulnerabilities":[{"cve":{"id":"CVE-2017-15896","sourceIdentifier":"cve-request@iojs.org","published":"2017-12-11T21:29:00.517","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption."},{"lang":"es","value":"Node.js se ha visto afectado por una vulnerabilidad de OpenSSL (CVE-2017-3737) en relación con el uso de SSL_read() debido a un error en la negociación TLS. El resultado era que un atacante de una red activa podría enviar datos de la aplicación a Node.js empleando los módulos TLS o HTTP2 de forma que omitan la autenticación y codificación TLS."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.1.2","matchCriteriaId":"A47FC4F7-1F77-4314-B4B3-3C5D8E335379"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.8.7","matchCriteriaId":"3818E441-8DC4-42E6-8D11-E58D195CBE8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.8.1","matchCriteriaId":"D107EC29-67E7-40C3-8E5A-324C9105C5E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"6.9.0","versionEndExcluding":"6.12.2","matchCriteriaId":"BEA03114-7288-4E7C-9220-C0ABCD5F0389"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.8.1","matchCriteriaId":"74FB695D-2C76-47AB-988E-5629D2E695E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"8.9.0","versionEndExcluding":"8.9.3","matchCriteriaId":"C45E9D50-CD3D-480B-B9B8-451ADFF26505"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.2.1","matchCriteriaId":"82FDBB10-3298-4C9A-9CC0-D34643AEC868"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/","source":"cve-request@iojs.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}