CVE-2022-21704

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21704

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21704.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21704

Aliases

GHSA-82v2-mx6x-wq7q

Related

Published

2022-01-19T23:15:08Z

Modified

2025-01-14T10:42:07.988598Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.

References

Affected packages

Debian:11 / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/debian/node-log4js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.0+~cs8.3.10-1+deb11u1

Affected versions

6.*

6.3.0+~cs8.3.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/debian/node-log4js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.1+~cs8.3.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/debian/node-log4js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.1+~cs8.3.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/log4js-node/log4js-node

Affected ranges

Type: GIT
Repo: https://github.com/log4js-node/log4js-node
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9fdbed5ad45d1b09b35c1ef5355ba726b60cb702

Affected versions

v0.*

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.6.0

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.16

v0.6.17

v0.6.18

v0.6.19

v0.6.2

v0.6.20

v0.6.21

v0.6.22

v0.6.23

v0.6.24

v0.6.25

v0.6.26

v0.6.27

v0.6.28

v0.6.29

v0.6.3

v0.6.30

v0.6.31

v0.6.32

v0.6.33

v0.6.34

v0.6.35

v0.6.36

v0.6.37

v0.6.38

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v1.*

v1.0.1

v1.1.0

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.11.0

v2.2.0

v2.3.0

v2.3.1

v2.3.10

v2.3.11

v2.3.12

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4.1

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.6.0

v2.6.1

v2.7.0

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.1.0

v4.1.1

v4.2.0

v4.3.0

v4.3.1

v4.3.2

v4.4.0

v4.5.0

v4.5.1

v5.*

v5.0.0

v5.1.0

v5.2.0

v5.2.1

v5.2.2

v5.3.0

v6.*

v6.0.0

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.3.0