CVE-2022-32222: When Node.js starts on Linux-based systems, it attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily doesn't exist. On some shared systems an attacker may be able to create this file and therefore affect the default OpenSSL configuration for other users. Thank you to Michael Scovetta from the OpenSSF Alpha-Omega project for reporting this vulnerability. Impacts: Node.js 18.x
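A host audit for the condition described above, as an added example that is not part of the original report or of Node.js: it reports whether the file is already present and, if not, whether the deepest existing parent directory would let someone other than the trusted owner create it. The function name, its exit codes and the reliance on GNU `stat` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the openssl.cnf path named in CVE-2022-32222.
# Assumes GNU coreutils stat (Linux). Only owner and mode bits are checked,
# not ACLs or mount options.
DEFAULT_CNF=/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf

# audit_cnf_path PATH [TRUSTED_UID]   (TRUSTED_UID defaults to 0, root)
# returns 0: file absent and the path cannot be created by other users
#         1: file (or symlink) already exists and needs review
#         2: file absent, but the deepest existing parent directory is
#            group/other-writable or owned by a UID other than TRUSTED_UID
audit_cnf_path() {
    cnf=$1
    trusted=${2:-0}

    # -L catches a dangling symlink, which -e alone would miss.
    if [ -e "$cnf" ] || [ -L "$cnf" ]; then
        echo "PRESENT: $cnf owner_uid=$(stat -c %u "$cnf") mode=$(stat -c %a "$cnf")"
        return 1
    fi

    # Walk up until a directory exists; whoever can write there can
    # create the missing components and the file itself.
    dir=$(dirname "$cnf")
    while [ ! -d "$dir" ]; do
        dir=$(dirname "$dir")
    done

    owner=$(stat -L -c %u "$dir")
    mode=$(stat -L -c %a "$dir")   # octal, e.g. 755 or 1777
    if [ "$owner" != "$trusted" ] || [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "CREATABLE: $dir owner_uid=$owner mode=$mode allows creating $cnf"
        return 2
    fi
    echo "OK: $cnf absent; $dir owner_uid=$owner mode=$mode"
    return 0
}

audit_cnf_path "${1:-$DEFAULT_CNF}" || echo "audit exit status: $?"
```

On a host where `/home` is not root-owned or is group/other-writable, the check returns 2 for the default path even though the file does not exist yet.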
Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2108480]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32222