Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-2581 (GCVE-0-2026-2581)
Vulnerability from cvelistv5 – Published: 2026-03-12 20:13 – Updated: 2026-03-13 18:04- CWE-770 - Allocation of resources without limits or throttling
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T18:04:49.981133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T18:04:58.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/nodejs/undici/",
"defaultStatus": "unaffected",
"packageName": "undici",
"product": "undici",
"repo": "https://github.com/nodejs/undici/",
"vendor": "undici",
"versions": [
{
"status": "affected",
"version": "\u003c 6.24.0; 7.0.0 \u003c 7.24.0"
},
{
"status": "unaffected",
"version": "6.24.0: 7.24.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Matteo Collina"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ulises Gasc\u00f3n"
},
{
"lang": "en",
"type": "finder",
"value": "Adnan Jakati"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIn vulnerable Undici versions, when\u0026nbsp;\u003ccode\u003einterceptors.deduplicate()\u003c/code\u003e\u0026nbsp;is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\u003c/p\u003e\u003cp\u003eImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\u003c/p\u003e\u003ch2\u003ePatches\u003c/h2\u003e\u003cp\u003eThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\u003c/p\u003e\u003cp\u003eUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when\u00a0interceptors.deduplicate()\u00a0is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\nPatchesThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of resources without limits or throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T20:13:19.571Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"url": "https://hackerone.com/reports/3513473"
},
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"source": {
"advisory": "GHSA-phc3-fgpg-7m6h",
"discovery": "EXTERNAL"
},
"title": "undici is vulnerable to Unbounded Memory Consumption in in Undici\u0027s DeduplicationHandler via Response Buffering leads to DoS",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-2581",
"datePublished": "2026-03-12T20:13:19.571Z",
"dateReserved": "2026-02-16T12:07:35.310Z",
"dateUpdated": "2026-03-13T18:04:58.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2581",
"date": "2026-07-01",
"epss": "0.00566",
"percentile": "0.42764"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2581\",\"sourceIdentifier\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"published\":\"2026-03-12T21:16:25.930\",\"lastModified\":\"2026-06-17T10:31:21.140\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\\n\\nIn vulnerable Undici versions, when\u00a0interceptors.deduplicate()\u00a0is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\\n\\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\\n\\nPatchesThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\\n\\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\"},{\"lang\":\"es\",\"value\":\"Esta es una vulnerabilidad de consumo de recursos no controlado (CWE-400) que puede conducir a una denegaci\u00f3n de servicio (DoS).\\n\\nEn versiones vulnerables de Undici, cuando interceptors.deduplicate() est\u00e1 habilitado, los datos de respuesta para solicitudes deduplicadas podr\u00edan acumularse en la memoria para los manejadores posteriores. Un endpoint ascendente controlado por un atacante o no confiable puede explotar esto con respuestas grandes/en fragmentos y solicitudes id\u00e9nticas concurrentes, causando un alto uso de memoria y una posible terminaci\u00f3n del proceso por OOM.\\n\\nLos usuarios afectados son aplicaciones que utilizan el interceptor de deduplicaci\u00f3n de Undici contra endpoints que pueden producir cuerpos de respuesta grandes o de larga duraci\u00f3n.\\n\\nParches. El problema ha sido parcheado cambiando el comportamiento de deduplicaci\u00f3n para transmitir fragmentos de respuesta a los manejadores posteriores a medida que llegan (en lugar de la acumulaci\u00f3n del cuerpo completo), y evitando la deduplicaci\u00f3n tard\u00eda cuando la transmisi\u00f3n del cuerpo ya ha comenzado.\\n\\nLos usuarios deber\u00edan actualizar a las primeras versiones oficiales de Undici (y Node.js, cuando corresponda) que incluyan este parche.\"}],\"affected\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"affectedData\":[{\"vendor\":\"undici\",\"product\":\"undici\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com/nodejs/undici/\",\"packageName\":\"undici\",\"repo\":\"https://github.com/nodejs/undici/\",\"versions\":[{\"version\":\"\u003c 6.24.0; 7.0.0 \u003c 7.24.0\",\"status\":\"affected\"},{\"version\":\"6.24.0: 7.24.0\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-13T18:04:49.981133Z\",\"id\":\"CVE-2026-2581\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"7.17.0\",\"versionEndExcluding\":\"7.24.0\",\"matchCriteriaId\":\"F59DFD47-C8E0-425D-86EA-D9B0496EA2B6\"}]}]}],\"references\":[{\"url\":\"https://cna.openjsf.org/security-advisories.html\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/3513473\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Permissions Required\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2581\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-13T18:04:49.981133Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-13T18:04:54.993Z\"}}], \"cna\": {\"title\": \"undici is vulnerable to Unbounded Memory Consumption in in Undici\u0027s DeduplicationHandler via Response Buffering leads to DoS\", \"source\": {\"advisory\": \"GHSA-phc3-fgpg-7m6h\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Matteo Collina\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Ulises Gasc\\u00f3n\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Adnan Jakati\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/nodejs/undici/\", \"vendor\": \"undici\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.24.0; 7.0.0 \u003c 7.24.0\"}, {\"status\": \"unaffected\", \"version\": \"6.24.0: 7.24.0\"}], \"packageName\": \"undici\", \"collectionURL\": \"https://github.com/nodejs/undici/\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"}, {\"url\": \"https://hackerone.com/reports/3513473\"}, {\"url\": \"https://cna.openjsf.org/security-advisories.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\\n\\nIn vulnerable Undici versions, when\\u00a0interceptors.deduplicate()\\u00a0is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\\n\\nImpacted users are applications that use Undici\\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\\n\\nPatchesThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\\n\\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIn vulnerable Undici versions, when\u0026nbsp;\u003ccode\u003einterceptors.deduplicate()\u003c/code\u003e\u0026nbsp;is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\u003c/p\u003e\u003cp\u003eImpacted users are applications that use Undici\\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\u003c/p\u003e\u003ch2\u003ePatches\u003c/h2\u003e\u003cp\u003eThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\u003c/p\u003e\u003cp\u003eUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of resources without limits or throttling\"}]}], \"providerMetadata\": {\"orgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"shortName\": \"openjs\", \"dateUpdated\": \"2026-03-12T20:13:19.571Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2581\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-13T18:04:58.799Z\", \"dateReserved\": \"2026-02-16T12:07:35.310Z\", \"assignerOrgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"datePublished\": \"2026-03-12T20:13:19.571Z\", \"assignerShortName\": \"openjs\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-sw34937
Vulnerability from cleanstart
Multiple security vulnerabilities affect the renovate package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "renovate"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "43.4.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the renovate package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SW34937",
"modified": "2026-03-19T07:58:44Z",
"published": "2026-04-01T09:43:38.907490Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SW34937.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-64756"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-69873"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1527"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1528"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2327"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23745"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2391"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25128"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25547"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26278"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27601"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27903"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27904"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27942"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-28292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29786"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-31802"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33036"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-23c5-xmqv-rm74"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-25h7-pfq9-p65f"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2g4f-4pwh-qvx6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2mjp-6q6p-2qxm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-34x7-hfp2-rc4v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37qj-frw5-hhjh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38c4-r59v-3vqw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3ppc-4f35-3m26"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4992-7rv2-5pvq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5j98-mcp5-4vw2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-73rr-hh4g-fpgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7h2j-956f-4vf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7r86-cg39-jmmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-83g3-92jg-28cx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-8gc5-j5rx-235r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-8qq5-rm4j-mr97"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-8wc6-vgrq-x6cf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9ppj-qmqm-q256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f269-vfmq-vjvj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fj3w-jwp8-x2g3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jmr7-xgp7-cmfj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m7jm-9gc2-mpf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-phc3-fgpg-7m6h"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qffp-2rhf-9h96"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qpx9-hpmf-5gmw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r275-fr43-pm7q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6q2-hw4h-h46w"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v9p9-hfj2-hcw8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vrm6-8vpv-qv8q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w7fw-mjwx-w883"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2327"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2391"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25128"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27903"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28292"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29786"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31802"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-64756, CVE-2025-69873, CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2327, CVE-2026-23745, CVE-2026-2391, CVE-2026-24842, CVE-2026-25128, CVE-2026-25547, CVE-2026-2581, CVE-2026-25896, CVE-2026-26278, CVE-2026-26960, CVE-2026-27601, CVE-2026-27903, CVE-2026-27904, CVE-2026-27942, CVE-2026-28292, CVE-2026-29786, CVE-2026-31802, CVE-2026-32141, CVE-2026-33036, ghsa-23c5-xmqv-rm74, ghsa-25h7-pfq9-p65f, ghsa-2g4f-4pwh-qvx6, ghsa-2mjp-6q6p-2qxm, ghsa-34x7-hfp2-rc4v, ghsa-37qj-frw5-hhjh, ghsa-38c4-r59v-3vqw, ghsa-3ppc-4f35-3m26, ghsa-4992-7rv2-5pvq, ghsa-5j98-mcp5-4vw2, ghsa-73rr-hh4g-fpgx, ghsa-7h2j-956f-4vf2, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-8wc6-vgrq-x6cf, ghsa-9ppj-qmqm-q256, ghsa-f269-vfmq-vjvj, ghsa-fj3w-jwp8-x2g3, ghsa-jmr7-xgp7-cmfj, ghsa-m7jm-9gc2-mpf2, ghsa-phc3-fgpg-7m6h, ghsa-qffp-2rhf-9h96, ghsa-qpx9-hpmf-5gmw, ghsa-r275-fr43-pm7q, ghsa-r6q2-hw4h-h46w, ghsa-v9p9-hfj2-hcw8, ghsa-vrm6-8vpv-qv8q, ghsa-w7fw-mjwx-w883 applied in versions: 43.4.4-r0",
"upstream": [
"CVE-2025-64756",
"CVE-2025-69873",
"CVE-2026-1525",
"CVE-2026-1526",
"CVE-2026-1527",
"CVE-2026-1528",
"CVE-2026-2229",
"CVE-2026-2327",
"CVE-2026-23745",
"CVE-2026-2391",
"CVE-2026-24842",
"CVE-2026-25128",
"CVE-2026-25547",
"CVE-2026-2581",
"CVE-2026-25896",
"CVE-2026-26278",
"CVE-2026-26960",
"CVE-2026-27601",
"CVE-2026-27903",
"CVE-2026-27904",
"CVE-2026-27942",
"CVE-2026-28292",
"CVE-2026-29786",
"CVE-2026-31802",
"CVE-2026-32141",
"CVE-2026-33036",
"ghsa-23c5-xmqv-rm74",
"ghsa-25h7-pfq9-p65f",
"ghsa-2g4f-4pwh-qvx6",
"ghsa-2mjp-6q6p-2qxm",
"ghsa-34x7-hfp2-rc4v",
"ghsa-37qj-frw5-hhjh",
"ghsa-38c4-r59v-3vqw",
"ghsa-3ppc-4f35-3m26",
"ghsa-4992-7rv2-5pvq",
"ghsa-5j98-mcp5-4vw2",
"ghsa-73rr-hh4g-fpgx",
"ghsa-7h2j-956f-4vf2",
"ghsa-7r86-cg39-jmmj",
"ghsa-83g3-92jg-28cx",
"ghsa-8gc5-j5rx-235r",
"ghsa-8qq5-rm4j-mr97",
"ghsa-8wc6-vgrq-x6cf",
"ghsa-9ppj-qmqm-q256",
"ghsa-f269-vfmq-vjvj",
"ghsa-fj3w-jwp8-x2g3",
"ghsa-jmr7-xgp7-cmfj",
"ghsa-m7jm-9gc2-mpf2",
"ghsa-phc3-fgpg-7m6h",
"ghsa-qffp-2rhf-9h96",
"ghsa-qpx9-hpmf-5gmw",
"ghsa-r275-fr43-pm7q",
"ghsa-r6q2-hw4h-h46w",
"ghsa-v9p9-hfj2-hcw8",
"ghsa-vrm6-8vpv-qv8q",
"ghsa-w7fw-mjwx-w883"
]
}
FKIE_CVE-2026-2581
Vulnerability from fkie_nvd - Published: 2026-03-12 21:16 - Updated: 2026-06-17 10:31| URL | Tags | ||
|---|---|---|---|
| ce714d77-add3-4f53-aff5-83d477b104bb | https://cna.openjsf.org/security-advisories.html | Vendor Advisory | |
| ce714d77-add3-4f53-aff5-83d477b104bb | https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h | Mitigation, Vendor Advisory | |
| ce714d77-add3-4f53-aff5-83d477b104bb | https://hackerone.com/reports/3513473 | Permissions Required |
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://github.com/nodejs/undici/",
"defaultStatus": "unaffected",
"packageName": "undici",
"product": "undici",
"repo": "https://github.com/nodejs/undici/",
"vendor": "undici",
"versions": [
{
"status": "affected",
"version": "\u003c 6.24.0; 7.0.0 \u003c 7.24.0"
},
{
"status": "unaffected",
"version": "6.24.0: 7.24.0"
}
]
}
],
"source": "ce714d77-add3-4f53-aff5-83d477b104bb"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "F59DFD47-C8E0-425D-86EA-D9B0496EA2B6",
"versionEndExcluding": "7.24.0",
"versionStartIncluding": "7.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when\u00a0interceptors.deduplicate()\u00a0is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\nPatchesThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch."
},
{
"lang": "es",
"value": "Esta es una vulnerabilidad de consumo de recursos no controlado (CWE-400) que puede conducir a una denegaci\u00f3n de servicio (DoS).\n\nEn versiones vulnerables de Undici, cuando interceptors.deduplicate() est\u00e1 habilitado, los datos de respuesta para solicitudes deduplicadas podr\u00edan acumularse en la memoria para los manejadores posteriores. Un endpoint ascendente controlado por un atacante o no confiable puede explotar esto con respuestas grandes/en fragmentos y solicitudes id\u00e9nticas concurrentes, causando un alto uso de memoria y una posible terminaci\u00f3n del proceso por OOM.\n\nLos usuarios afectados son aplicaciones que utilizan el interceptor de deduplicaci\u00f3n de Undici contra endpoints que pueden producir cuerpos de respuesta grandes o de larga duraci\u00f3n.\n\nParches. El problema ha sido parcheado cambiando el comportamiento de deduplicaci\u00f3n para transmitir fragmentos de respuesta a los manejadores posteriores a medida que llegan (en lugar de la acumulaci\u00f3n del cuerpo completo), y evitando la deduplicaci\u00f3n tard\u00eda cuando la transmisi\u00f3n del cuerpo ya ha comenzado.\n\nLos usuarios deber\u00edan actualizar a las primeras versiones oficiales de Undici (y Node.js, cuando corresponda) que incluyan este parche."
}
],
"id": "CVE-2026-2581",
"lastModified": "2026-06-17T10:31:21.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-2581",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T18:04:49.981133Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-03-12T21:16:25.930",
"references": [
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"tags": [
"Vendor Advisory"
],
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/3513473"
}
],
"sourceIdentifier": "ce714d77-add3-4f53-aff5-83d477b104bb",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"type": "Secondary"
}
]
}
GHSA-PHC3-FGPG-7M6H
Vulnerability from github – Published: 2026-03-13 20:37 – Updated: 2026-03-13 20:37Impact
This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).
In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.
Impacted users are applications that use Undici’s deduplication interceptor against endpoints that may produce large or long-lived response bodies.
Patches
The issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.
Users should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.
Workarounds
If upgrading immediately is not possible:
- Disable
interceptors.deduplicate()for affected clients/routes. - Use
skipHeaderNameswith a marker header to force high-risk requests to bypass deduplication. - Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.
- Apply upstream/proxy response-size and timeout limits.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "7.17.0"
},
{
"fixed": "7.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-2581"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T20:37:58Z",
"nvd_published_at": "2026-03-12T21:16:25Z",
"severity": "MODERATE"
},
"details": "## Impact\nThis is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when `interceptors.deduplicate()` is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u2019s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\n## Patches\n\nThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.\n\n## Workarounds\nIf upgrading immediately is not possible:\n\n- Disable `interceptors.deduplicate()` for affected clients/routes.\n- Use `skipHeaderNames` with a marker header to force high-risk requests to bypass deduplication.\n- Avoid concurrent identical requests to untrusted endpoints that may return very large/chunked bodies.\n- Apply upstream/proxy response-size and timeout limits.",
"id": "GHSA-phc3-fgpg-7m6h",
"modified": "2026-03-13T20:37:58Z",
"published": "2026-03-13T20:37:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3513473"
},
{
"type": "WEB",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodejs/undici"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS"
}
OPENSUSE-SU-2026:11121-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-11525/ | self |
| https://www.suse.com/security/cve/CVE-2026-12151/ | self |
| https://www.suse.com/security/cve/CVE-2026-2581/ | self |
| https://www.suse.com/security/cve/CVE-2026-27135/ | self |
| https://www.suse.com/security/cve/CVE-2026-40170/ | self |
| https://www.suse.com/security/cve/CVE-2026-42338/ | self |
| https://www.suse.com/security/cve/CVE-2026-48615/ | self |
| https://www.suse.com/security/cve/CVE-2026-48617/ | self |
| https://www.suse.com/security/cve/CVE-2026-48618/ | self |
| https://www.suse.com/security/cve/CVE-2026-48619/ | self |
| https://www.suse.com/security/cve/CVE-2026-48928/ | self |
| https://www.suse.com/security/cve/CVE-2026-48930/ | self |
| https://www.suse.com/security/cve/CVE-2026-48931/ | self |
| https://www.suse.com/security/cve/CVE-2026-48933/ | self |
| https://www.suse.com/security/cve/CVE-2026-48934/ | self |
| https://www.suse.com/security/cve/CVE-2026-48935/ | self |
| https://www.suse.com/security/cve/CVE-2026-48937/ | self |
| https://www.suse.com/security/cve/CVE-2026-6733/ | self |
| https://www.suse.com/security/cve/CVE-2026-9496/ | self |
| https://www.suse.com/security/cve/CVE-2026-9678/ | self |
| https://www.suse.com/security/cve/CVE-2026-9679/ | self |
| https://www.suse.com/security/cve/CVE-2026-11525 | external |
| https://bugzilla.suse.com/1268481 | external |
| https://www.suse.com/security/cve/CVE-2026-12151 | external |
| https://bugzilla.suse.com/1268482 | external |
| https://www.suse.com/security/cve/CVE-2026-2581 | external |
| https://bugzilla.suse.com/1268480 | external |
| https://www.suse.com/security/cve/CVE-2026-27135 | external |
| https://bugzilla.suse.com/1259835 | external |
| https://www.suse.com/security/cve/CVE-2026-40170 | external |
| https://bugzilla.suse.com/1262273 | external |
| https://www.suse.com/security/cve/CVE-2026-42338 | external |
| https://bugzilla.suse.com/1268097 | external |
| https://www.suse.com/security/cve/CVE-2026-48615 | external |
| https://bugzilla.suse.com/1268598 | external |
| https://www.suse.com/security/cve/CVE-2026-48617 | external |
| https://bugzilla.suse.com/1268554 | external |
| https://www.suse.com/security/cve/CVE-2026-48618 | external |
| https://bugzilla.suse.com/1268593 | external |
| https://www.suse.com/security/cve/CVE-2026-48619 | external |
| https://bugzilla.suse.com/1268618 | external |
| https://www.suse.com/security/cve/CVE-2026-48928 | external |
| https://bugzilla.suse.com/1268605 | external |
| https://www.suse.com/security/cve/CVE-2026-48930 | external |
| https://bugzilla.suse.com/1268606 | external |
| https://www.suse.com/security/cve/CVE-2026-48931 | external |
| https://bugzilla.suse.com/1268611 | external |
| https://www.suse.com/security/cve/CVE-2026-48933 | external |
| https://bugzilla.suse.com/1268592 | external |
| https://www.suse.com/security/cve/CVE-2026-48934 | external |
| https://bugzilla.suse.com/1268608 | external |
| https://www.suse.com/security/cve/CVE-2026-48935 | external |
| https://bugzilla.suse.com/1268609 | external |
| https://www.suse.com/security/cve/CVE-2026-48937 | external |
| https://bugzilla.suse.com/1268555 | external |
| https://www.suse.com/security/cve/CVE-2026-6733 | external |
| https://bugzilla.suse.com/1268479 | external |
| https://www.suse.com/security/cve/CVE-2026-9496 | external |
| https://bugzilla.suse.com/1266318 | external |
| https://www.suse.com/security/cve/CVE-2026-9678 | external |
| https://bugzilla.suse.com/1268478 | external |
| https://www.suse.com/security/cve/CVE-2026-9679 | external |
| https://bugzilla.suse.com/1268477 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "corepack24-24.17.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the corepack24-24.17.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11121",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11121-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-11525 page",
"url": "https://www.suse.com/security/cve/CVE-2026-11525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-12151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-12151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2581 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42338 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48935 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9496 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9678 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9679 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9679/"
}
],
"title": "corepack24-24.17.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11121-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.17.0-1.1.aarch64",
"product": {
"name": "corepack24-24.17.0-1.1.aarch64",
"product_id": "corepack24-24.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-24.17.0-1.1.aarch64",
"product": {
"name": "nodejs24-24.17.0-1.1.aarch64",
"product_id": "nodejs24-24.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.17.0-1.1.aarch64",
"product": {
"name": "nodejs24-devel-24.17.0-1.1.aarch64",
"product_id": "nodejs24-devel-24.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs24-docs-24.17.0-1.1.aarch64",
"product": {
"name": "nodejs24-docs-24.17.0-1.1.aarch64",
"product_id": "nodejs24-docs-24.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm24-24.17.0-1.1.aarch64",
"product": {
"name": "npm24-24.17.0-1.1.aarch64",
"product_id": "npm24-24.17.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.17.0-1.1.ppc64le",
"product": {
"name": "corepack24-24.17.0-1.1.ppc64le",
"product_id": "corepack24-24.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-24.17.0-1.1.ppc64le",
"product": {
"name": "nodejs24-24.17.0-1.1.ppc64le",
"product_id": "nodejs24-24.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.17.0-1.1.ppc64le",
"product": {
"name": "nodejs24-devel-24.17.0-1.1.ppc64le",
"product_id": "nodejs24-devel-24.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs24-docs-24.17.0-1.1.ppc64le",
"product": {
"name": "nodejs24-docs-24.17.0-1.1.ppc64le",
"product_id": "nodejs24-docs-24.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm24-24.17.0-1.1.ppc64le",
"product": {
"name": "npm24-24.17.0-1.1.ppc64le",
"product_id": "npm24-24.17.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.17.0-1.1.s390x",
"product": {
"name": "corepack24-24.17.0-1.1.s390x",
"product_id": "corepack24-24.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-24.17.0-1.1.s390x",
"product": {
"name": "nodejs24-24.17.0-1.1.s390x",
"product_id": "nodejs24-24.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.17.0-1.1.s390x",
"product": {
"name": "nodejs24-devel-24.17.0-1.1.s390x",
"product_id": "nodejs24-devel-24.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs24-docs-24.17.0-1.1.s390x",
"product": {
"name": "nodejs24-docs-24.17.0-1.1.s390x",
"product_id": "nodejs24-docs-24.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm24-24.17.0-1.1.s390x",
"product": {
"name": "npm24-24.17.0-1.1.s390x",
"product_id": "npm24-24.17.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack24-24.17.0-1.1.x86_64",
"product": {
"name": "corepack24-24.17.0-1.1.x86_64",
"product_id": "corepack24-24.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-24.17.0-1.1.x86_64",
"product": {
"name": "nodejs24-24.17.0-1.1.x86_64",
"product_id": "nodejs24-24.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-devel-24.17.0-1.1.x86_64",
"product": {
"name": "nodejs24-devel-24.17.0-1.1.x86_64",
"product_id": "nodejs24-devel-24.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs24-docs-24.17.0-1.1.x86_64",
"product": {
"name": "nodejs24-docs-24.17.0-1.1.x86_64",
"product_id": "nodejs24-docs-24.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm24-24.17.0-1.1.x86_64",
"product": {
"name": "npm24-24.17.0-1.1.x86_64",
"product_id": "npm24-24.17.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64"
},
"product_reference": "corepack24-24.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le"
},
"product_reference": "corepack24-24.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x"
},
"product_reference": "corepack24-24.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack24-24.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64"
},
"product_reference": "corepack24-24.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64"
},
"product_reference": "nodejs24-24.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le"
},
"product_reference": "nodejs24-24.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x"
},
"product_reference": "nodejs24-24.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-24.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64"
},
"product_reference": "nodejs24-24.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64"
},
"product_reference": "nodejs24-devel-24.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le"
},
"product_reference": "nodejs24-devel-24.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x"
},
"product_reference": "nodejs24-devel-24.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-24.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64"
},
"product_reference": "nodejs24-devel-24.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64"
},
"product_reference": "nodejs24-docs-24.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le"
},
"product_reference": "nodejs24-docs-24.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x"
},
"product_reference": "nodejs24-docs-24.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-24.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64"
},
"product_reference": "nodejs24-docs-24.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64"
},
"product_reference": "npm24-24.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le"
},
"product_reference": "npm24-24.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x"
},
"product_reference": "npm24-24.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm24-24.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
},
"product_reference": "npm24-24.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-11525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-11525"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici\u0027s fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer\u0027s view of a cookie\u0027s SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of \u0027Strict\u0027, \u0027Lax\u0027, or \u0027None\u0027 (exact, case-insensitive) before forwarding or relying on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-11525",
"url": "https://www.suse.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "SUSE Bug 1268481 for CVE-2026-11525",
"url": "https://bugzilla.suse.com/1268481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2026-11525"
},
{
"cve": "CVE-2026-12151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-12151"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-12151",
"url": "https://www.suse.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "SUSE Bug 1268482 for CVE-2026-12151",
"url": "https://bugzilla.suse.com/1268482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-12151"
},
{
"cve": "CVE-2026-2581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2581"
}
],
"notes": [
{
"category": "general",
"text": "This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS).\n\nIn vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination.\n\nImpacted users are applications that use Undici\u0027s deduplication interceptor against endpoints that may produce large or long-lived response bodies.\n\nPatchesThe issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started.\n\nUsers should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2581",
"url": "https://www.suse.com/security/cve/CVE-2026-2581"
},
{
"category": "external",
"summary": "SUSE Bug 1268480 for CVE-2026-2581",
"url": "https://bugzilla.suse.com/1268480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-2581"
},
{
"cve": "CVE-2026-27135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27135"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27135",
"url": "https://www.suse.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "SUSE Bug 1259835 for CVE-2026-27135",
"url": "https://bugzilla.suse.com/1259835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27135"
},
{
"cve": "CVE-2026-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40170"
}
],
"notes": [
{
"category": "general",
"text": "ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40170",
"url": "https://www.suse.com/security/cve/CVE-2026-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1262273 for CVE-2026-40170",
"url": "https://bugzilla.suse.com/1262273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-40170"
},
{
"cve": "CVE-2026-42338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42338"
}
],
"notes": [
{
"category": "general",
"text": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42338",
"url": "https://www.suse.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "SUSE Bug 1268097 for CVE-2026-42338",
"url": "https://bugzilla.suse.com/1268097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42338"
},
{
"cve": "CVE-2026-48615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48615"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48615",
"url": "https://www.suse.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "SUSE Bug 1268598 for CVE-2026-48615",
"url": "https://bugzilla.suse.com/1268598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-48615"
},
{
"cve": "CVE-2026-48617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48617",
"url": "https://www.suse.com/security/cve/CVE-2026-48617"
},
{
"category": "external",
"summary": "SUSE Bug 1268554 for CVE-2026-48617",
"url": "https://bugzilla.suse.com/1268554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48617"
},
{
"cve": "CVE-2026-48618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48618"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48618",
"url": "https://www.suse.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "SUSE Bug 1268593 for CVE-2026-48618",
"url": "https://bugzilla.suse.com/1268593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-48618"
},
{
"cve": "CVE-2026-48619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48619"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48619",
"url": "https://www.suse.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "SUSE Bug 1268618 for CVE-2026-48619",
"url": "https://bugzilla.suse.com/1268618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48619"
},
{
"cve": "CVE-2026-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48928"
}
],
"notes": [
{
"category": "general",
"text": "A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48928",
"url": "https://www.suse.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1268605 for CVE-2026-48928",
"url": "https://bugzilla.suse.com/1268605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48928"
},
{
"cve": "CVE-2026-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48930",
"url": "https://www.suse.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1268606 for CVE-2026-48930",
"url": "https://bugzilla.suse.com/1268606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48930"
},
{
"cve": "CVE-2026-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48931"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48931",
"url": "https://www.suse.com/security/cve/CVE-2026-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1268611 for CVE-2026-48931",
"url": "https://bugzilla.suse.com/1268611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2026-48931"
},
{
"cve": "CVE-2026-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48933"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48933",
"url": "https://www.suse.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1268592 for CVE-2026-48933",
"url": "https://bugzilla.suse.com/1268592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-48933"
},
{
"cve": "CVE-2026-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48934"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48934",
"url": "https://www.suse.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1268608 for CVE-2026-48934",
"url": "https://bugzilla.suse.com/1268608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48934"
},
{
"cve": "CVE-2026-48935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48935",
"url": "https://www.suse.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "SUSE Bug 1268609 for CVE-2026-48935",
"url": "https://bugzilla.suse.com/1268609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48935"
},
{
"cve": "CVE-2026-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48937"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48937",
"url": "https://www.suse.com/security/cve/CVE-2026-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1268555 for CVE-2026-48937",
"url": "https://bugzilla.suse.com/1268555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-48937"
},
{
"cve": "CVE-2026-6733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6733"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.\n\nThis requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nDisable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6733",
"url": "https://www.suse.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "SUSE Bug 1268479 for CVE-2026-6733",
"url": "https://bugzilla.suse.com/1268479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2026-6733"
},
{
"cve": "CVE-2026-9496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9496"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function\u0027s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9496",
"url": "https://www.suse.com/security/cve/CVE-2026-9496"
},
{
"category": "external",
"summary": "SUSE Bug 1266318 for CVE-2026-9496",
"url": "https://bugzilla.suse.com/1266318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-9496"
},
{
"cve": "CVE-2026-9678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9678"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=\" authorization\" or no-cache=\"\\tauthorization\". The parser preserves the surrounding whitespace, so later comparisons against the literal authorization field name fail and the response is stored.\n\nIn shared-cache mode, this allows a response containing one user\u0027s authenticated data to be served from cache to a subsequent caller, including an unauthenticated caller, when both requests resolve to the same cache key.\n\nAffected applications are those that explicitly enable the cache interceptor (interceptors.cache()) in shared mode, forward Authorization headers upstream, and receive cacheable responses with non-canonical qualified private or no-cache directives.\n\nPatches:\nUpgrade to undici v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, disable shared-cache mode for traffic that includes Authorization headers, avoid caching responses to authenticated requests, or add Vary: Authorization upstream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9678",
"url": "https://www.suse.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "SUSE Bug 1268478 for CVE-2026-9678",
"url": "https://bugzilla.suse.com/1268478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-9678"
},
{
"cve": "CVE-2026-9679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9679"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nundici\u0027s cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application\u0027s downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici\u0027s cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9679",
"url": "https://www.suse.com/security/cve/CVE-2026-9679"
},
{
"category": "external",
"summary": "SUSE Bug 1268477 for CVE-2026-9679",
"url": "https://bugzilla.suse.com/1268477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:corepack24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-devel-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs24-docs-24.17.0-1.1.x86_64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.aarch64",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.s390x",
"openSUSE Tumbleweed:npm24-24.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-9679"
}
]
}
RHSA-2026:7350
Vulnerability from csaf_redhat - Published: 2026-04-09 20:27 - Updated: 2026-07-01 00:12A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.
CWE-425 - Direct Request ('Forced Browsing')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7350 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431340 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2436942 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441268 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447140 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447141 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447142 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447143 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447144 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447145 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448754 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453037 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453151 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453152 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453157 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453158 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453160 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453161 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453162 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-1525 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447144 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1525 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1525 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://cwe.mitre.org/data/definitions/444.html | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3556037 | external |
| https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 | external |
| https://access.redhat.com/security/cve/CVE-2026-1526 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447142 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1526 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1526 | external |
| https://datatracker.ietf.org/doc/html/rfc7692 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3481206 | external |
| https://access.redhat.com/security/cve/CVE-2026-1527 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447141 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1527 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1527 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3487198 | external |
| https://access.redhat.com/security/cve/CVE-2026-1528 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447145 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1528 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1528 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3537648 | external |
| https://access.redhat.com/security/cve/CVE-2026-2229 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447143 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2229 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2229 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3487486 | external |
| https://nodejs.org/api/zlib.html#class-zlibinflateraw | external |
| https://access.redhat.com/security/cve/CVE-2026-2581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447140 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2581 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3513473 | external |
| https://access.redhat.com/security/cve/CVE-2026-21637 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431340 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21637 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21637 | external |
| https://nodejs.org/en/blog/vulnerability/december… | external |
| https://access.redhat.com/security/cve/CVE-2026-21710 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453151 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21710 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21710 | external |
| https://nodejs.org/en/blog/vulnerability/march-20… | external |
| https://access.redhat.com/security/cve/CVE-2026-21711 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453158 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21711 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21711 | external |
| https://access.redhat.com/security/cve/CVE-2026-21712 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453037 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21712 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21712 | external |
| https://hackerone.com/reports/3546390 | external |
| https://access.redhat.com/security/cve/CVE-2026-21713 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453160 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21713 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21713 | external |
| https://access.redhat.com/security/cve/CVE-2026-21714 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453161 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21714 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21714 | external |
| https://access.redhat.com/security/cve/CVE-2026-21715 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453152 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21715 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21715 | external |
| https://access.redhat.com/security/cve/CVE-2026-21716 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453157 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21716 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21716 | external |
| https://access.redhat.com/security/cve/CVE-2026-21717 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453162 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21717 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21717 | external |
| https://access.redhat.com/security/cve/CVE-2026-25547 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2436942 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-25547 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-25547 | external |
| https://github.com/isaacs/brace-expansion/securit… | external |
| https://access.redhat.com/security/cve/CVE-2026-26996 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441268 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26996 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26996 | external |
| https://github.com/isaacs/minimatch/commit/2e111f… | external |
| https://github.com/isaacs/minimatch/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-27135 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448754 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27135 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27135 | external |
| https://github.com/nghttp2/nghttp2/commit/5c7df8f… | external |
| https://github.com/nghttp2/nghttp2/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)\n\n* undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\n* Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)\n\n* nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)\n\n* Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)\n\n* Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)\n\n* Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)\n\n* nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7350",
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7350.json"
}
],
"title": "Red Hat Security Advisory: nodejs:24 security update",
"tracking": {
"current_release_date": "2026-07-01T00:12:30+00:00",
"generator": {
"date": "2026-07-01T00:12:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7350",
"initial_release_date": "2026-04-09T20:27:37+00:00",
"revision_history": [
{
"date": "2026-04-09T20:27:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T20:27:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:12:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=src\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.7.0%2B24166%2B51c9666b?arch=src\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24166%2B51c9666b?arch=src\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@11.11.0-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1527",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-03-12T21:01:21.390673+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP header injection and request smuggling vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1527"
},
{
"category": "external",
"summary": "RHBZ#2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487198",
"url": "https://hackerone.com/reports/3487198"
}
],
"release_date": "2026-03-12T20:17:18.984000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP header injection and request smuggling vulnerability"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-2581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:10.589089+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447140"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service due to uncontrolled resource consumption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2581"
},
{
"category": "external",
"summary": "RHBZ#2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3513473",
"url": "https://hackerone.com/reports/3513473"
}
],
"release_date": "2026-03-12T20:13:19.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Denial of Service due to uncontrolled resource consumption"
},
{
"cve": "CVE-2026-21637",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-01-20T21:01:26.738343+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Systems configured according to Red Hat guidelines should have their services set to restart in the event of a process crash. This Host system service management mitigates the availability impact to Red Hat customers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "RHBZ#2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-21711",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-03-30T20:01:55.465001+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453158"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21711"
},
{
"category": "external",
"summary": "RHBZ#2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.526000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks"
},
{
"cve": "CVE-2026-21712",
"cwe": {
"id": "CWE-168",
"name": "Improper Handling of Inconsistent Special Elements"
},
"discovery_date": "2026-03-30T16:02:27.812711+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21712"
},
{
"category": "external",
"summary": "RHBZ#2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3546390",
"url": "https://hackerone.com/reports/3546390"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T15:13:59.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing"
},
{
"cve": "CVE-2026-21713",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-03-30T20:02:02.430513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453160"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "RHBZ#2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification"
},
{
"cve": "CVE-2026-21714",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-03-30T20:02:06.237456+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "RHBZ#2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames"
},
{
"cve": "CVE-2026-21715",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-30T20:01:25.714444+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "RHBZ#2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.507000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions"
},
{
"cve": "CVE-2026-21716",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-03-30T20:01:51.136802+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453157"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "RHBZ#2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix."
},
{
"cve": "CVE-2026-21717",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2026-03-30T20:02:10.986695+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453162"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in V8\u0027s string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8\u0027s internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "RHBZ#2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.415000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
RHSA-2026:7670
Vulnerability from csaf_redhat - Published: 2026-04-13 03:00 - Updated: 2026-07-01 00:12A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.
CWE-425 - Direct Request ('Forced Browsing')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7670 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431340 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441268 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447140 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447141 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447142 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447143 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447144 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447145 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448754 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453037 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453151 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453152 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453157 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453158 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453160 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453161 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453162 | external |
| https://issues.redhat.com/browse/RHEL-151374 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-1525 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447144 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1525 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1525 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://cwe.mitre.org/data/definitions/444.html | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3556037 | external |
| https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 | external |
| https://access.redhat.com/security/cve/CVE-2026-1526 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447142 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1526 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1526 | external |
| https://datatracker.ietf.org/doc/html/rfc7692 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3481206 | external |
| https://access.redhat.com/security/cve/CVE-2026-1527 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447141 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1527 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1527 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3487198 | external |
| https://access.redhat.com/security/cve/CVE-2026-1528 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447145 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1528 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1528 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3537648 | external |
| https://access.redhat.com/security/cve/CVE-2026-2229 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447143 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2229 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2229 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3487486 | external |
| https://nodejs.org/api/zlib.html#class-zlibinflateraw | external |
| https://access.redhat.com/security/cve/CVE-2026-2581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447140 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2581 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3513473 | external |
| https://access.redhat.com/security/cve/CVE-2026-21637 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431340 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21637 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21637 | external |
| https://nodejs.org/en/blog/vulnerability/december… | external |
| https://access.redhat.com/security/cve/CVE-2026-21710 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453151 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21710 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21710 | external |
| https://nodejs.org/en/blog/vulnerability/march-20… | external |
| https://access.redhat.com/security/cve/CVE-2026-21711 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453158 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21711 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21711 | external |
| https://access.redhat.com/security/cve/CVE-2026-21712 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453037 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21712 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21712 | external |
| https://hackerone.com/reports/3546390 | external |
| https://access.redhat.com/security/cve/CVE-2026-21713 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453160 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21713 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21713 | external |
| https://access.redhat.com/security/cve/CVE-2026-21714 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453161 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21714 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21714 | external |
| https://access.redhat.com/security/cve/CVE-2026-21715 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453152 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21715 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21715 | external |
| https://access.redhat.com/security/cve/CVE-2026-21716 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453157 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21716 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21716 | external |
| https://access.redhat.com/security/cve/CVE-2026-21717 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453162 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21717 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21717 | external |
| https://access.redhat.com/security/cve/CVE-2026-26996 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441268 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26996 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26996 | external |
| https://github.com/isaacs/minimatch/commit/2e111f… | external |
| https://github.com/isaacs/minimatch/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-27135 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448754 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27135 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27135 | external |
| https://github.com/nghttp2/nghttp2/commit/5c7df8f… | external |
| https://github.com/nghttp2/nghttp2/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)\n\n* undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\n* Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)\n\n* nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)\n\n* Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)\n\n* Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)\n\n* Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)\n\n* nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7670",
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "external",
"summary": "RHEL-151374",
"url": "https://issues.redhat.com/browse/RHEL-151374"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7670.json"
}
],
"title": "Red Hat Security Advisory: nodejs:24 security update",
"tracking": {
"current_release_date": "2026-07-01T00:12:34+00:00",
"generator": {
"date": "2026-07-01T00:12:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7670",
"initial_release_date": "2026-04-13T03:00:22+00:00",
"revision_history": [
{
"date": "2026-04-13T03:00:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T03:00:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:12:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=src\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-1.module%2Bel8.10.0%2B24190%2B49a46c75?arch=src\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel8.10.0%2B24190%2B49a46c75?arch=src\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product": {
"name": "nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch (nodejs:24)",
"product_id": "nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-1.module%2Bel8.10.0%2B24190%2B49a46c75?arch=noarch\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel8.10.0%2B24190%2B49a46c75?arch=noarch\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch (nodejs:24)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel8.10.0%2B24190%2B49a46c75?arch=noarch\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product": {
"name": "npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch (nodejs:24)",
"product_id": "npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@11.11.0-1.24.14.1.2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel8.10.0%2B24190%2B49a46c75?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:24:8100020260408131901:6d880403"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24"
},
"product_reference": "nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24"
},
"product_reference": "npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1527",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-03-12T21:01:21.390673+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP header injection and request smuggling vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1527"
},
{
"category": "external",
"summary": "RHBZ#2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487198",
"url": "https://hackerone.com/reports/3487198"
}
],
"release_date": "2026-03-12T20:17:18.984000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP header injection and request smuggling vulnerability"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-2581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:10.589089+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447140"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service due to uncontrolled resource consumption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2581"
},
{
"category": "external",
"summary": "RHBZ#2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3513473",
"url": "https://hackerone.com/reports/3513473"
}
],
"release_date": "2026-03-12T20:13:19.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Denial of Service due to uncontrolled resource consumption"
},
{
"cve": "CVE-2026-21637",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-01-20T21:01:26.738343+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Systems configured according to Red Hat guidelines should have their services set to restart in the event of a process crash. This Host system service management mitigates the availability impact to Red Hat customers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "RHBZ#2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-21711",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-03-30T20:01:55.465001+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453158"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21711"
},
{
"category": "external",
"summary": "RHBZ#2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.526000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks"
},
{
"cve": "CVE-2026-21712",
"cwe": {
"id": "CWE-168",
"name": "Improper Handling of Inconsistent Special Elements"
},
"discovery_date": "2026-03-30T16:02:27.812711+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21712"
},
{
"category": "external",
"summary": "RHBZ#2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3546390",
"url": "https://hackerone.com/reports/3546390"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T15:13:59.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing"
},
{
"cve": "CVE-2026-21713",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-03-30T20:02:02.430513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453160"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "RHBZ#2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification"
},
{
"cve": "CVE-2026-21714",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-03-30T20:02:06.237456+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "RHBZ#2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames"
},
{
"cve": "CVE-2026-21715",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-30T20:01:25.714444+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "RHBZ#2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.507000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions"
},
{
"cve": "CVE-2026-21716",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-03-30T20:01:51.136802+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453157"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "RHBZ#2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix."
},
{
"cve": "CVE-2026-21717",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2026-03-30T20:02:10.986695+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453162"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in V8\u0027s string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8\u0027s internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "RHBZ#2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.415000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T03:00:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.14.1-2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-1.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24190+49a46c75.src::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:11.11.0-1.24.14.1.2.module+el8.10.0+24190+49a46c75.noarch::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.aarch64::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.ppc64le::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.s390x::nodejs:24",
"AppStream-8.10.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el8.10.0+24190+49a46c75.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
RHSA-2026:7675
Vulnerability from csaf_redhat - Published: 2026-04-13 02:27 - Updated: 2026-07-01 00:12A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.
CWE-425 - Direct Request ('Forced Browsing')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch | — |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7675 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431340 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2436942 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441268 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447140 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447141 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447142 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447143 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447144 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447145 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448754 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453037 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453151 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453152 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453157 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453158 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453160 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453161 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453162 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-1525 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447144 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1525 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1525 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://cwe.mitre.org/data/definitions/444.html | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3556037 | external |
| https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6 | external |
| https://access.redhat.com/security/cve/CVE-2026-1526 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447142 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1526 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1526 | external |
| https://datatracker.ietf.org/doc/html/rfc7692 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3481206 | external |
| https://access.redhat.com/security/cve/CVE-2026-1527 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447141 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1527 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1527 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3487198 | external |
| https://access.redhat.com/security/cve/CVE-2026-1528 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447145 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1528 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1528 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3537648 | external |
| https://access.redhat.com/security/cve/CVE-2026-2229 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447143 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2229 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2229 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3487486 | external |
| https://nodejs.org/api/zlib.html#class-zlibinflateraw | external |
| https://access.redhat.com/security/cve/CVE-2026-2581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2447140 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2581 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://hackerone.com/reports/3513473 | external |
| https://access.redhat.com/security/cve/CVE-2026-21637 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431340 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21637 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21637 | external |
| https://nodejs.org/en/blog/vulnerability/december… | external |
| https://access.redhat.com/security/cve/CVE-2026-21710 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453151 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21710 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21710 | external |
| https://nodejs.org/en/blog/vulnerability/march-20… | external |
| https://access.redhat.com/security/cve/CVE-2026-21711 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453158 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21711 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21711 | external |
| https://access.redhat.com/security/cve/CVE-2026-21712 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453037 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21712 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21712 | external |
| https://hackerone.com/reports/3546390 | external |
| https://access.redhat.com/security/cve/CVE-2026-21713 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453160 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21713 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21713 | external |
| https://access.redhat.com/security/cve/CVE-2026-21714 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453161 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21714 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21714 | external |
| https://access.redhat.com/security/cve/CVE-2026-21715 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453152 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21715 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21715 | external |
| https://access.redhat.com/security/cve/CVE-2026-21716 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453157 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21716 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21716 | external |
| https://access.redhat.com/security/cve/CVE-2026-21717 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453162 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21717 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21717 | external |
| https://access.redhat.com/security/cve/CVE-2026-25547 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2436942 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-25547 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-25547 | external |
| https://github.com/isaacs/brace-expansion/securit… | external |
| https://access.redhat.com/security/cve/CVE-2026-26996 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2441268 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26996 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26996 | external |
| https://github.com/isaacs/minimatch/commit/2e111f… | external |
| https://github.com/isaacs/minimatch/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-27135 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448754 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27135 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27135 | external |
| https://github.com/nghttp2/nghttp2/commit/5c7df8f… | external |
| https://github.com/nghttp2/nghttp2/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs24 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)\n\n* undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\n* Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)\n\n* nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)\n\n* Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)\n\n* Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)\n\n* Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)\n\n* nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7675",
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7675.json"
}
],
"title": "Red Hat Security Advisory: nodejs24 security update",
"tracking": {
"current_release_date": "2026-07-01T00:12:30+00:00",
"generator": {
"date": "2026-07-01T00:12:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7675",
"initial_release_date": "2026-04-13T02:27:36+00:00",
"revision_history": [
{
"date": "2026-04-13T02:27:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:27:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:12:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"product_id": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.14.1-2.el10_1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"product_id": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.14.1-2.el10_1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.14.1-2.el10_1.src",
"product": {
"name": "nodejs24-1:24.14.1-2.el10_1.src",
"product_id": "nodejs24-1:24.14.1-2.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.14.1-2.el10_1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"product_id": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.14.1-2.el10_1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"product_id": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.14.1-2.el10_1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"product": {
"name": "nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"product_id": "nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-docs@24.14.1-2.el10_1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch",
"product": {
"name": "nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch",
"product_id": "nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-npm@11.11.0-1.24.14.1.2.el10_1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.14.1-2.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src"
},
"product_reference": "nodejs24-1:24.14.1-2.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-1:24.14.1-2.el10_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch"
},
"product_reference": "nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
},
"product_reference": "nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1527",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-03-12T21:01:21.390673+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP header injection and request smuggling vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1527"
},
{
"category": "external",
"summary": "RHBZ#2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487198",
"url": "https://hackerone.com/reports/3487198"
}
],
"release_date": "2026-03-12T20:17:18.984000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP header injection and request smuggling vulnerability"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-2581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:10.589089+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447140"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service due to uncontrolled resource consumption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2581"
},
{
"category": "external",
"summary": "RHBZ#2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3513473",
"url": "https://hackerone.com/reports/3513473"
}
],
"release_date": "2026-03-12T20:13:19.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Denial of Service due to uncontrolled resource consumption"
},
{
"cve": "CVE-2026-21637",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-01-20T21:01:26.738343+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Systems configured according to Red Hat guidelines should have their services set to restart in the event of a process crash. This Host system service management mitigates the availability impact to Red Hat customers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "RHBZ#2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-21711",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-03-30T20:01:55.465001+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453158"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21711"
},
{
"category": "external",
"summary": "RHBZ#2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.526000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks"
},
{
"cve": "CVE-2026-21712",
"cwe": {
"id": "CWE-168",
"name": "Improper Handling of Inconsistent Special Elements"
},
"discovery_date": "2026-03-30T16:02:27.812711+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21712"
},
{
"category": "external",
"summary": "RHBZ#2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3546390",
"url": "https://hackerone.com/reports/3546390"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T15:13:59.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing"
},
{
"cve": "CVE-2026-21713",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-03-30T20:02:02.430513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453160"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "RHBZ#2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification"
},
{
"cve": "CVE-2026-21714",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-03-30T20:02:06.237456+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "RHBZ#2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames"
},
{
"cve": "CVE-2026-21715",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-30T20:01:25.714444+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "RHBZ#2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.507000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions"
},
{
"cve": "CVE-2026-21716",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-03-30T20:01:51.136802+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453157"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "RHBZ#2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix."
},
{
"cve": "CVE-2026-21717",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2026-03-30T20:02:10.986695+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453162"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in V8\u0027s string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8\u0027s internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "RHBZ#2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.415000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:27:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.src",
"AppStream-10.1.Z:nodejs24-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-debugsource-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-devel-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-docs-1:24.14.1-2.el10_1.noarch",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-full-i18n-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.aarch64",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.s390x",
"AppStream-10.1.Z:nodejs24-libs-debuginfo-1:24.14.1-2.el10_1.x86_64",
"AppStream-10.1.Z:nodejs24-npm-1:11.11.0-1.24.14.1.2.el10_1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
WID-SEC-W-2026-0933
Vulnerability from csaf_certbund - Published: 2026-03-30 22:00 - Updated: 2026-05-31 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container Operator <12.0.24
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.24 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.2.0
IBM / App Connect Enterprise
|
<13.2.0 | ||
|
IBM App Connect Enterprise <13.0.7.0
IBM / App Connect Enterprise
|
<13.0.7.0 |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://www.ibm.com/support/pages/node/7268023 | external |
| https://www.ibm.com/support/pages/node/7268166 | external |
| https://access.redhat.com/errata/RHSA-2026:7670 | external |
| https://www.ibm.com/support/pages/node/7274684 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder andere nicht n\u00e4her bezeichnete Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0933 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0933.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0933 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0933"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268023 vom 2026-03-30",
"url": "https://www.ibm.com/support/pages/node/7268023"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268166 vom 2026-03-31",
"url": "https://www.ibm.com/support/pages/node/7268166"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7670 vom 2026-04-13",
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274684 vom 2026-06-01",
"url": "https://www.ibm.com/support/pages/node/7274684"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise (Hono und Undici): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-31T22:00:00.000+00:00",
"generator": {
"date": "2026-06-01T10:32:27.102+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0933",
"initial_release_date": "2026-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T051349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.7.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.7.0",
"product_id": "T052310"
}
},
{
"category": "product_version",
"name": "13.0.7.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.7.0",
"product_id": "T052310-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.7.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.2.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.2.0",
"product_id": "T054915"
}
},
{
"category": "product_version",
"name": "13.2.0",
"product": {
"name": "IBM App Connect Enterprise 13.2.0",
"product_id": "T054915-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.2.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.0.24",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.0.24",
"product_id": "T054916"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.0.24",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.0.24",
"product_id": "T054916-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.0.24"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1525"
},
{
"cve": "CVE-2026-1526",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1526"
},
{
"cve": "CVE-2026-1528",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1528"
},
{
"cve": "CVE-2026-2229",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-2229"
},
{
"cve": "CVE-2026-2581",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-2581"
},
{
"cve": "CVE-2026-29045",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-29045"
},
{
"cve": "CVE-2026-29085",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-29085"
},
{
"cve": "CVE-2026-29086",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-29086"
},
{
"cve": "CVE-2026-1527",
"product_status": {
"known_affected": [
"T054916",
"67646",
"T051349",
"T054915",
"T052310"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1527"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.