{"url":"http://public2.vulnerablecode.io/api/packages/98321?format=json","purl":"pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.0-2?arch=el7","type":"rpm","namespace":"redhat","name":"rh-nodejs14-nodejs","version":"14.20.0-2","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62475?format=json","vulnerability_id":"VCID-7tpb-9zrz-e7e1","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32212","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20041","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19848","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19901","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19911","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19809","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105422","reference_id":"2105422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105422"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[],"aliases":["CVE-2022-32212"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-9zrz-e7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53859?format=json","vulnerability_id":"VCID-8c4g-fjsa-nkhw","summary":"llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields\nThe llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. The LF character (without CR) is sufficient to delimit HTTP header fields in the lihttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This can lead to HTTP Request Smuggling (HRS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32214","reference_id":"","reference_type":"","scores":[{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97619","published_at":"2026-04-09T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.45841","scoring_system":"epss","scoring_elements":"0.97611","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb"},{"reference_url":"https://hackerone.com/reports/1524692","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1524692"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32214"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220915-0001/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5326","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105428","reference_id":"2105428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105428"},{"reference_url":"https://github.com/advisories/GHSA-q5vx-44v4-gch4","reference_id":"GHSA-q5vx-44v4-gch4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5vx-44v4-gch4"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[],"aliases":["CVE-2022-32214","GHSA-q5vx-44v4-gch4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8c4g-fjsa-nkhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53933?format=json","vulnerability_id":"VCID-b54b-pd2b-bygm","summary":"llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding\nThe llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).\n\nImpacts:\n\n- All versions of the nodejs 18.x, 16.x, and 14.x releases lines.\n- llhttp v6.0.7 and llhttp v2.1.5 contains the fixes that were updated inside Node.js","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32213","reference_id":"","reference_type":"","scores":[{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.9956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.89626","scoring_system":"epss","scoring_elements":"0.99557","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32213"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb"},{"reference_url":"https://hackerone.com/reports/1524555","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1524555"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32213","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32213"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220915-0001/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5326","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5326"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105430","reference_id":"2105430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105430"},{"reference_url":"https://github.com/advisories/GHSA-5689-v88g-g6rv","reference_id":"GHSA-5689-v88g-g6rv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5689-v88g-g6rv"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[],"aliases":["CVE-2022-32213","GHSA-5689-v88g-g6rv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b54b-pd2b-bygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62476?format=json","vulnerability_id":"VCID-wzcw-dd7m-zkaz","summary":"Multiple vulnerabilities have been discovered in Node.js.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32215","reference_id":"","reference_type":"","scores":[{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99508","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.9951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99513","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88764","scoring_system":"epss","scoring_elements":"0.99512","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1501679","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1501679"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105426","reference_id":"2105426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32215","reference_id":"CVE-2022-32215","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32215"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6389","reference_id":"RHSA-2022:6389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6448","reference_id":"RHSA-2022:6448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6985","reference_id":"RHSA-2022:6985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6985"},{"reference_url":"https://usn.ubuntu.com/6491-1/","reference_id":"USN-6491-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6491-1/"}],"fixed_packages":[],"aliases":["CVE-2022-32215"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcw-dd7m-zkaz"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.0-2%3Farch=el7"}