CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

The product does not validate, or incorrectly validates, a certificate.

Name	Vendor	Start Version	End Version
Node.js	Nodejs	12.0.0 (including)	12.18.0 (excluding)
Node.js	Nodejs	14.0.0 (including)	14.4.0 (excluding)
Red Hat Enterprise Linux 8	RedHat	nodejs:12-8020020200630155331.4cda2c84	*
Red Hat Enterprise Linux 8.1 Extended Update Support	RedHat	nodejs:12-8010020200630154708.c27ad7f8	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-nodejs12-nodejs-0:12.18.2-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS	RedHat	rh-nodejs12-nodejs-0:12.18.2-1.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-nodejs12-nodejs-0:12.18.2-1.el7	*
Nodejs	Ubuntu	bionic	*
Nodejs	Ubuntu	eoan	*
Nodejs	Ubuntu	groovy	*
Nodejs	Ubuntu	hirsute	*
Nodejs	Ubuntu	impish	*
Nodejs	Ubuntu	kinetic	*
Nodejs	Ubuntu	trusty	*
Nodejs	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-8172
CWE	https://cwe.mitre.org/data/definitions/295.html

Improper Certificate Validation