7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.4%
For the vulnerabilities disclosed in the OpenSSL Security Advisories of:
Node.js (Windows) is affected by one vulnerability rated as LOW. Therefore, these patches will be released in regular Node.js releases.
Our assessment of the following security advisories:
is:
Node.js is affected by this vulnerability. The CVE-2023-4807 affects Windows users, and the vulnerability is rated as LOW by the OpenSSL Security Team.
Node.js doesnโt make use or export EVP_EncryptInit_ex2()
, EVP_DecryptInit_ex2()
or EVP_CipherInit_ex2()
functions. Node.js is not affected.
Users who call the affected OpenSSL functions through other means, such as through native addons, can dynamically link against a patched version of OpenSSL until new releases of Node.js are available.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.4%