[CLSA-2026:1777394614] nodejs: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-04-28 16:43:39 UTC
Description:
- CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges
- CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage
- CVE-2026-27135: fix bundled nghttp2 IGN_ALL flag bypass that allowed attackers to ignore header validation and smuggle malformed HTTP/2 requests
Updated packages:
  • nodejs-16.20.2-8.el9_2.tuxcare.els13.x86_64.rpm
    sha:a2976faee8d9f1023a2a3aae1e78500eb7fa3b5bfa0fbc6c9f93889cf1c8b123
  • nodejs-devel-16.20.2-8.el9_2.tuxcare.els13.x86_64.rpm
    sha:259063e5afc4614897f8b01d732b1910b80938130f87d496da524a737f562bf1
  • nodejs-docs-16.20.2-8.el9_2.tuxcare.els13.noarch.rpm
    sha:6e6165d62b640e58906bc39395f56e6529c66fce30505a756bddaff3a4aaaaf4
  • nodejs-full-i18n-16.20.2-8.el9_2.tuxcare.els13.x86_64.rpm
    sha:b6d8de00162d7a168cba5f928c9b6c4bea76bdd5f268710eace6beaaec1ad3b7
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els13.i686.rpm
    sha:a06c12970a943b3237fbd7db52c4728df0b32ae968716854c69e21fd0e08eab6
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els13.x86_64.rpm
    sha:cd83ddeae5e46cc7855dd6e93f9482a3c48eb722eeb5d7d9b2d2cde1f95c638f
  • npm-8.19.4_1.16.20.2-8.el9_2.tuxcare.els13.x86_64.rpm
    sha:31913aca9896e829a52d6903ca2251eb76640248297681b60768a982f697db11
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_2.tuxcare.els13.x86_64.rpm
    sha:c2bd8800052e61ba84ff007b36bf035657b131a9ff8cab9663cfe62bda9d12c5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.