CVE-2022-29244
Description
Moderate: nodejs and nodejs-nodemon security and bug fix update
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2022-6595.html
Vendor advisory: alma — https://bugzilla.redhat.com/2105430
Vendor advisory: alma — https://bugzilla.redhat.com/2105428
Vendor advisory: alma — https://bugzilla.redhat.com/2105426
Vendor advisory: alma — https://bugzilla.redhat.com/2105422
Vendor advisory: alma — https://bugzilla.redhat.com/2102001
Vendor advisory: alma — https://bugzilla.redhat.com/2098556
Vendor advisory: alma — https://bugzilla.redhat.com/2007557
Vendor advisory: alma — https://bugzilla.redhat.com/1964461
Vendor advisory: alma — https://bugzilla.redhat.com/1945459
Vendor advisory: alma — https://bugzilla.redhat.com/1907444
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2022:6595
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-29244.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2022:6595
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | | affected | |
| rocky | 9 | fixed | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | npm | >=7.9.0,<8.11.0 | 8.11.0 |
References
- https://access.redhat.com/errata/RHSA-2022:6595
- https://www.suse.com/security/cve/CVE-2022-29244.html
- https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52
- https://nvd.nist.gov/vuln/detail/CVE-2022-29244
- https://github.com/nodejs/node/pull/43210
- https://github.com/nodejs/node/releases/tag/v16.15.1
- https://github.com/nodejs/node/releases/tag/v17.9.1
- https://github.com/nodejs/node/releases/tag/v18.3.0
- https://github.com/npm/cli
- https://github.com/npm/cli/releases/tag/v8.11.0
- https://github.com/npm/cli/tree/latest/workspaces/libnpmpack
- https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish
- https://github.com/npm/npm-packlist
- https://security.netapp.com/advisory/ntap-20220722-0007
- https://errata.rockylinux.org/RLSA-2022:6595
- https://bugzilla.redhat.com/1907444
- https://bugzilla.redhat.com/1945459
- https://bugzilla.redhat.com/1964461
- https://bugzilla.redhat.com/2007557
- https://bugzilla.redhat.com/2098556
- https://bugzilla.redhat.com/2102001
- https://bugzilla.redhat.com/2105422
- https://bugzilla.redhat.com/2105426
- https://bugzilla.redhat.com/2105428
- https://bugzilla.redhat.com/2105430