We are using Node 22.22.1 (https://nodejs.org/en/download/archive/v22.22.1) and it has several CVEs related to OpenSSL:
https://nvd.nist.gov/vuln/detail/CVE-2026-31789
https://nvd.nist.gov/vuln/detail/CVE-2026-28389
https://nvd.nist.gov/vuln/detail/CVE-2026-28390
https://nvd.nist.gov/vuln/detail/CVE-2026-31790
https://nvd.nist.gov/vuln/detail/CVE-2026-28388
https://nvd.nist.gov/vuln/detail/CVE-2026-28387
https://nvd.nist.gov/vuln/detail/CVE-2026-2673
We tracked and upgraded to several minor releases for Node 22, but no release adopted the latest OpenSSL that can fix the above CVEs. Is there any specific reason why Node is not upgrading the OpenSSL version?
AWS Inspector is flagging all our images as vulnerable and asking to switch from 3.5.5 to 3.6.2.