Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community

Type apk

Namespace alpine

Name nodejs-current

Version 18.9.1-r0

Qualifiers

arch	loongarch64
distroversion	v3.22
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 20.8.1-r0

Latest_non_vulnerable_version 21.7.2-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2ju8-prgz-c7be

vulnerability_id VCID-2ju8-prgz-c7be

summary The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35256

reference_id

reference_type

scores

value	0.03694
scoring_system	epss
scoring_elements	0.88151
published_at	2026-06-04T12:55:00Z

value	0.03694
scoring_system	epss
scoring_elements	0.88174
published_at	2026-06-08T12:55:00Z

value	0.03694
scoring_system	epss
scoring_elements	0.88172
published_at	2026-06-05T12:55:00Z

value	0.03694
scoring_system	epss
scoring_elements	0.88175
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1675191

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/

url

https://hackerone.com/reports/1675191

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2130518
reference_id	2130518
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2130518

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-35256
reference_id	CVE-2022-35256
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-35256

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6963
reference_id	RHSA-2022:6963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6963

reference_url	https://access.redhat.com/errata/RHSA-2022:6964
reference_id	RHSA-2022:6964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6964

reference_url	https://access.redhat.com/errata/RHSA-2022:7044
reference_id	RHSA-2022:7044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7044

reference_url	https://access.redhat.com/errata/RHSA-2022:7821
reference_id	RHSA-2022:7821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7821

reference_url	https://access.redhat.com/errata/RHSA-2022:7830
reference_id	RHSA-2022:7830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7830

reference_url	https://access.redhat.com/errata/RHSA-2023:0321
reference_id	RHSA-2023:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0321

reference_url	https://access.redhat.com/errata/RHSA-2023:1533
reference_id	RHSA-2023:1533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1533

reference_url	https://access.redhat.com/errata/RHSA-2023:1742
reference_id	RHSA-2023:1742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1742

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

aliases CVE-2022-35256

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ju8-prgz-c7be

url VCID-6zhu-gmzy-gyfn

vulnerability_id VCID-6zhu-gmzy-gyfn

summary The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32213

reference_id

reference_type

scores

value	0.86318
scoring_system	epss
scoring_elements	0.99422
published_at	2026-06-07T12:55:00Z

value	0.86318
scoring_system	epss
scoring_elements	0.9942
published_at	2026-06-04T12:55:00Z

value	0.86318
scoring_system	epss
scoring_elements	0.99421
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32213

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb

reference_url

https://hackerone.com/reports/1524555

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1524555

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/

reference_url

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

reference_url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32213

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32213

reference_url

https://security.netapp.com/advisory/ntap-20220915-0001

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0001

reference_url	https://security.netapp.com/advisory/ntap-20220915-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0001/

reference_url

https://www.debian.org/security/2023/dsa-5326

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5326

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105430
reference_id	2105430
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105430

reference_url

https://github.com/advisories/GHSA-5689-v88g-g6rv

reference_id

GHSA-5689-v88g-g6rv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5689-v88g-g6rv

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

aliases CVE-2022-32213, GHSA-5689-v88g-g6rv

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zhu-gmzy-gyfn

url VCID-88qj-jv7q-muec

vulnerability_id VCID-88qj-jv7q-muec

summary The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32215

reference_id

reference_type

scores

value	0.86472
scoring_system	epss
scoring_elements	0.99428
published_at	2026-06-04T12:55:00Z

value	0.86472
scoring_system	epss
scoring_elements	0.99429
published_at	2026-06-08T12:55:00Z

value	0.86472
scoring_system	epss
scoring_elements	0.9943
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1501679
reference_id
reference_type
scores
url	https://hackerone.com/reports/1501679

reference_url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
reference_id
reference_type
scores
url	https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105426
reference_id	2105426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105426

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-32215
reference_id	CVE-2022-32215
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-32215

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url	https://access.redhat.com/errata/RHSA-2022:6389
reference_id	RHSA-2022:6389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6389

reference_url	https://access.redhat.com/errata/RHSA-2022:6448
reference_id	RHSA-2022:6448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6448

reference_url	https://access.redhat.com/errata/RHSA-2022:6449
reference_id	RHSA-2022:6449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6449

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

reference_url	https://access.redhat.com/errata/RHSA-2022:6985
reference_id	RHSA-2022:6985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6985

reference_url	https://usn.ubuntu.com/6491-1/
reference_id	USN-6491-1
reference_type
scores
url	https://usn.ubuntu.com/6491-1/

fixed_packages

url	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

aliases CVE-2022-32215

risk_score 10.0

exploitability 2.0

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88qj-jv7q-muec

url VCID-rrqj-2hwy-rkc7

vulnerability_id VCID-rrqj-2hwy-rkc7

summary A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35255.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35255

reference_id

reference_type

scores

value	0.01213
scoring_system	epss
scoring_elements	0.79342
published_at	2026-06-08T12:55:00Z

value	0.01213
scoring_system	epss
scoring_elements	0.79328
published_at	2026-06-04T12:55:00Z

value	0.01213
scoring_system	epss
scoring_elements	0.79354
published_at	2026-06-05T12:55:00Z

value	0.01213
scoring_system	epss
scoring_elements	0.79359
published_at	2026-06-06T12:55:00Z

value	0.01213
scoring_system	epss
scoring_elements	0.79352
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1690000

reference_id

1690000

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/

url

https://hackerone.com/reports/1690000

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2130517
reference_id	2130517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2130517

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

reference_url

https://security.netapp.com/advisory/ntap-20230113-0002/

reference_id

ntap-20230113-0002

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-24T13:23:49Z/

url

https://security.netapp.com/advisory/ntap-20230113-0002/

reference_url	https://access.redhat.com/errata/RHSA-2022:6963
reference_id	RHSA-2022:6963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6963

reference_url	https://access.redhat.com/errata/RHSA-2022:6964
reference_id	RHSA-2022:6964
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6964

reference_url	https://access.redhat.com/errata/RHSA-2022:7821
reference_id	RHSA-2022:7821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7821

fixed_packages

url	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

aliases CVE-2022-35255

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrqj-2hwy-rkc7

url VCID-v3n3-6d6a-k3dv

vulnerability_id VCID-v3n3-6d6a-k3dv

summary A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32222

reference_id

reference_type

scores

value	0.0062
scoring_system	epss
scoring_elements	0.7041
published_at	2026-06-04T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70451
published_at	2026-06-05T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70431
published_at	2026-06-08T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.7046
published_at	2026-06-06T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70442
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32222

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2105424
reference_id	2105424
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2105424

reference_url	https://security.gentoo.org/glsa/202405-29
reference_id	GLSA-202405-29
reference_type
scores
url	https://security.gentoo.org/glsa/202405-29

fixed_packages

url	pkg:apk/alpine/nodejs-current@18.6.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/nodejs-current@18.6.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.6.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/nodejs-current@18.9.1-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

aliases CVE-2022-32222

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3n3-6d6a-k3dv

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs-current@18.9.1-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

Package Instance