cbcvebase.
CVE-2022-32222
published 2022-07-14

CVE-2022-32222: A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be…

medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

Affected

19 ranges
VendorProductVersion rangeFixed in
debiannodejs
nodejsnode>= 10.0 < 10.*10.*
nodejsnode>= 11.0 < 11.*11.*
nodejsnode>= 12.0 < 12.*12.*
nodejsnode>= 13.0 < 13.*13.*
nodejsnode>= 14.0 < 14.20.014.20.0
nodejsnode>= 15.0 < 15.*15.*
nodejsnode>= 16.0 < 16.20.016.20.0
nodejsnode>= 17.0 < 17.*17.*
nodejsnode>= 18.0 < 18.9.118.9.1
nodejsnode>= 4.0 < 4.*4.*
nodejsnode>= 5.0 < 5.*5.*
nodejsnode>= 6.0 < 6.*6.*
nodejsnode>= 7.0 < 7.*7.*
nodejsnode>= 8.0 < 8.*8.*
nodejsnode>= 9.0 < 9.*9.*
nodejsnode.js>= 18.0.0 < 18.5.018.5.0
siemenssinec_ins< 1.01.0
siemenssinec_ins