CVE-2022-38900
high
CVSS v3
-
CVSS v4
-
VIR risk
8.0
Description
RHSA-2023:1743: nodejs:14 security, bug fix, and enhancement update (Important)
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | pcs-snmp-0.11.6-3.el9.x86_64.rpm |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | decode-uri-component | <0.2.1 | 0.2.1 |
References
- https://access.redhat.com/errata/RHSA-2023:6316
- https://errata.rockylinux.org/RLSA-2023:1743
- https://nvd.nist.gov/vuln/detail/CVE-2022-38900
- https://github.com/SamVerschueren/decode-uri-component/issues/5
- https://github.com/sindresorhus/query-string/issues/345
- https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9
- https://github.com/SamVerschueren/decode-uri-component
- https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU
- https://bugzilla.redhat.com/2170644
- https://errata.almalinux.org/9/ALSA-2023-6316.html
- https://access.redhat.com/errata/RHSA-2023:1743
- https://bugzilla.redhat.com/2134609
- https://bugzilla.redhat.com/2156324
- https://bugzilla.redhat.com/2165824
- https://bugzilla.redhat.com/2168631
- https://bugzilla.redhat.com/2171935
- https://bugzilla.redhat.com/2172217
- https://errata.almalinux.org/8/ALSA-2023-1743.html