CVE-2022-38900
Description
Important: nodejs:14 security, bug fix, and enhancement update
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-1743.html
Vendor advisory: alma — https://bugzilla.redhat.com/2172217
Vendor advisory: alma — https://bugzilla.redhat.com/2171935
Vendor advisory: alma — https://bugzilla.redhat.com/2168631
Vendor advisory: alma — https://bugzilla.redhat.com/2165824
Vendor advisory: alma — https://bugzilla.redhat.com/2156324
Vendor advisory: alma — https://bugzilla.redhat.com/2134609
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:1743
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6316.html
Vendor advisory: alma — https://bugzilla.redhat.com/2170644
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:1743
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6316
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | decode-uri-component | <0.2.1 | 0.2.1 |
References
- https://access.redhat.com/errata/RHSA-2023:6316
- https://errata.rockylinux.org/RLSA-2023:1743
- https://nvd.nist.gov/vuln/detail/CVE-2022-38900
- https://github.com/SamVerschueren/decode-uri-component/issues/5
- https://github.com/sindresorhus/query-string/issues/345
- https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9
- https://github.com/SamVerschueren/decode-uri-component
- https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU
- https://bugzilla.redhat.com/2170644
- https://errata.almalinux.org/9/ALSA-2023-6316.html
- https://access.redhat.com/errata/RHSA-2023:1743
- https://bugzilla.redhat.com/2134609
- https://bugzilla.redhat.com/2156324
- https://bugzilla.redhat.com/2165824
- https://bugzilla.redhat.com/2168631
- https://bugzilla.redhat.com/2171935
- https://bugzilla.redhat.com/2172217
- https://errata.almalinux.org/8/ALSA-2023-1743.html