{"url":"http://public2.vulnerablecode.io/api/packages/428697?format=json","purl":"pkg:apk/alpine/nodejs-current@18.6.0-r0?arch=x86&distroversion=v3.18&reponame=community","type":"apk","namespace":"alpine","name":"nodejs-current","version":"18.6.0-r0","qualifiers":{"arch":"x86","distroversion":"v3.18","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"18.9.1-r0","latest_non_vulnerable_version":"20.8.1-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95323?format=json","vulnerability_id":"VCID-gmpk-vjab-kqcu","summary":"A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32212","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20004","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20079","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20073","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20035","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19968","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19986","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105422","reference_id":"2105422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105422"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/428697?format=json","purl":"pkg:apk/alpine/nodejs-current@18.6.0-r0?arch=x86&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.6.0-r0%3Farch=x86&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2022-32212"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmpk-vjab-kqcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95327?format=json","vulnerability_id":"VCID-v3n3-6d6a-k3dv","summary":"A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32222","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.7041","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70451","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.7046","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70442","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70431","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70454","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105424","reference_id":"2105424","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105424"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/428697?format=json","purl":"pkg:apk/alpine/nodejs-current@18.6.0-r0?arch=x86&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.6.0-r0%3Farch=x86&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/332526?format=json","purl":"pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=x86&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=x86&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2022-32222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3n3-6d6a-k3dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92405?format=json","vulnerability_id":"VCID-wz2v-rmu5-abgp","summary":"The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32214","reference_id":"","reference_type":"","scores":[{"value":"0.39294","scoring_system":"epss","scoring_elements":"0.97376","published_at":"2026-06-09T12:55:00Z"},{"value":"0.39294","scoring_system":"epss","scoring_elements":"0.97368","published_at":"2026-06-04T12:55:00Z"},{"value":"0.39294","scoring_system":"epss","scoring_elements":"0.97373","published_at":"2026-06-05T12:55:00Z"},{"value":"0.39294","scoring_system":"epss","scoring_elements":"0.97374","published_at":"2026-06-07T12:55:00Z"},{"value":"0.39294","scoring_system":"epss","scoring_elements":"0.97375","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb"},{"reference_url":"https://hackerone.com/reports/1524692","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1524692"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220915-0001/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5326","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105428","reference_id":"2105428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105428"},{"reference_url":"https://github.com/advisories/GHSA-q5vx-44v4-gch4","reference_id":"GHSA-q5vx-44v4-gch4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5vx-44v4-gch4"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/428697?format=json","purl":"pkg:apk/alpine/nodejs-current@18.6.0-r0?arch=x86&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.6.0-r0%3Farch=x86&distroversion=v3.18&reponame=community"}],"aliases":["CVE-2022-32214","GHSA-q5vx-44v4-gch4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz2v-rmu5-abgp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.6.0-r0%3Farch=x86&distroversion=v3.18&reponame=community"}