CVE-2021-44531: 
MySQL vulnerability analysis and mitigation

CVE-2021-44531 is a security vulnerability discovered in Node.js versions prior to 12.22.9, 14.18.3, 16.13.2, and 17.3.1. The vulnerability relates to the improper handling of URI Subject Alternative Names (SANs) in certificate verification. Node.js was accepting URI SAN types, which PKIs are often not defined to use, and when a protocol allows URI SANs, Node.js did not match the URI correctly (Node.js Blog).

The vulnerability stems from Node.js accepting arbitrary Subject Alternative Name (SAN) types. Unless a PKI is specifically defined to use a particular SAN type, accepting arbitrary SAN types can result in bypassing name-constrained intermediates. The issue was rated as Medium severity. The vulnerability was discovered and reported by Google (Node.js Blog).

A successful exploitation of this vulnerability could lead to bypassing name-constrained intermediates in certificate verification, potentially compromising the security of TLS connections. This could allow attackers to bypass certain certificate validation checks (NVD).

The fix for this vulnerability was implemented by disabling the URI SAN type when checking a certificate against a hostname. The patched versions are Node.js v12.22.9, v14.18.3, v16.13.2, and v17.3.1. Users can revert this behavior through the --security-revert command-line option if needed (Node.js Blog).