The vulnerability in the OpenSSL Security Advisory of Dec 13 2022 do not affect any active Node.js release lines.
Our assessment of the security advisory is:
Node.js doesn’t call OpenSSL as a separate process (so the possibility to use the
flag is invalid), nor call
Therefore, Node.js is not affected by this vulnerability.
The current Node.js security policy can be found at https://github.com/nodejs/node/blob/HEAD/SECURITY.md#security,
including information on how to report a vulnerability in Node.js.
Subscribe to the low-volume announcement-only nodejs-sec mailing list at
https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on
security vulnerabilities and security-related releases of Node.js and the
projects maintained in the
nodejs GitHub organization.