vulnerability

Debian: CVE-2022-21704: node-log4js -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Jan 19, 2022	Dec 9, 2022	Aug 15, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Jan 19, 2022

Added

Dec 9, 2022

Modified

Aug 15, 2025

Description

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.

Solution

debian-upgrade-node-log4js

References

CVE-2022-21704
https://attackerkb.com/topics/CVE-2022-21704
CWE-276
DEBIAN-DLA-3229-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today