Version
v20.20.0
Platform
Linux 5af924a78c94 6.17.8-orbstack-00308-g8f9c941121b1 #1 SMP PREEMPT Thu Nov 20 09:34:02 UTC 2025 aarch64 Linux
Subsystem
No response
What steps will reproduce the bug?
CVE-2025-15467 is patched in OpenSSL 3.0.19, but Node 20.20.0 is built using 3.0.17. AWS Inspector finds 3.0.17 in 3 files:
/usr/local/include/node/openssl/archs/linux-x86_64/asm/include/openssl/opensslv.h
/usr/local/include/node/openssl/archs/linux-x86_64/asm_avx2/include/openssl/opensslv.h
/usr/local/include/node/openssl/archs/linux-x86_64/no-asm/include/openssl/opensslv.h
How often does it reproduce? Is there a required condition?
Every time, no required conditions
What is the expected behavior? Why is that the expected behavior?
3.0.19 in the built version of node
What do you see instead?
3.0.17
Additional information
No response
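Added example, not part of the original report and not Node.js project code: a check that compares the OpenSSL version declared in a bundled `opensslv.h` with the version the running binary reports in `process.versions.openssl`, and with the fixed release named in the report. The sample header is constructed, the function names are hypothetical, and the `OPENSSL_VERSION_MAJOR/MINOR/PATCH` macro layout of OpenSSL 3.x headers is assumed.

```javascript
// Constructed sample in the layout of an OpenSSL 3.x opensslv.h (not a real file).
const SAMPLE_HEADER = `
# define OPENSSL_VERSION_MAJOR  3
# define OPENSSL_VERSION_MINOR  0
# define OPENSSL_VERSION_PATCH  17
# define OPENSSL_VERSION_STR "3.0.17"
`;

// First fixed release, as stated in the report above.
const FIXED_VERSION = '3.0.19';

// "3.0.17" or "3.0.17+quic" -> [3, 0, 17]; build suffixes are ignored.
function parseVersion(str) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(str).trim());
  if (!m) throw new Error(`unrecognised OpenSSL version: ${str}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, comparing major, then minor, then patch.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Version declared by the numeric macros in header text, or null if any is missing.
function headerVersion(text) {
  const parts = ['MAJOR', 'MINOR', 'PATCH'].map((name) => {
    const re = new RegExp(`^\\s*#\\s*define\\s+OPENSSL_VERSION_${name}\\s+(\\d+)\\s*$`, 'm');
    const m = re.exec(text);
    return m ? m[1] : null;
  });
  return parts.includes(null) ? null : parts.join('.');
}

// Compare header and runtime versions with the fix; null means "could not determine".
function assess(headerText, runtimeVersion = process.versions.openssl) {
  const header = headerVersion(headerText);
  const runtime = runtimeVersion || null;
  const below = (v) => (v === null ? null : compareVersions(v, FIXED_VERSION) < 0);
  const mismatch = header !== null && runtime !== null && compareVersions(header, runtime) !== 0;
  return { header, runtime, headerBelowFix: below(header), runtimeBelowFix: below(runtime), mismatch };
}

console.log(assess(SAMPLE_HEADER));
```

To check a real install, pass the contents of each `opensslv.h` path listed in the report (read with `fs.readFileSync(path, 'utf8')`) as `headerText`; a `mismatch` of `true` means the scanner's header finding does not describe the OpenSSL the binary was built with.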