Node.js team assessment of OpenSSL Security Advisory for OpenSSL 3.0.1 (CVE-2021-4044).

233 views
Skip to first unread message

midawson

unread,
Dec 16, 2021, 9:13:06 AM12/16/21
to nodejs-sec
The Node.js team has reviewed the OpenSSL Security Advisory for OpenSSL 3.0.1 (CVE-2021-4044). 

Versions of Node.js 17.x are affected. 

Due to the moderate severity, the difficulty of exploiting, and because 17.x is not an LTS release, we are planning to include the update to OpenSSL 3.0.1 in the next regular 17.x release which is planned for this week.

midawson

unread,
Dec 16, 2021, 9:22:34 AM12/16/21
to nodejs-sec
The link for the CVE was incorrect in the original post. Here is an updated version:

------------------------


The Node.js team has reviewed the OpenSSL Security Advisory for OpenSSL 3.0.1 (CVE-2021-4044). 

Versions of Node.js 17.x are affected. 

Due to the moderate severity, the difficulty of exploiting, and because 17.x is not an LTS release, we are planning to include the update to OpenSSL 3.0.1 in the next regular 17.x release which is planned for this week.

Reply all
Reply to author
Forward
0 new messages