[CLSA-2026:1777395480] nodejs: Fix of 3 CVEs
Type: security
Severity: Important
Release date: 2026-04-28 16:58:05 UTC
Description:
- CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges
- CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage
- CVE-2026-27135: fix bundled nghttp2 IGN_ALL flag bypass that allowed attackers to ignore header validation and smuggle malformed HTTP/2 requests
Updated packages:
  • nodejs-16.20.2-8.el9_6.tuxcare.els13.x86_64.rpm
    sha:6e651cae9ae451f936c8dbc2617cf75804b5d991ebd4a9eaf0b17b6a98080b58
  • nodejs-devel-16.20.2-8.el9_6.tuxcare.els13.x86_64.rpm
    sha:083f62ba090e2372a8f9eb6ca6bb20fa2e5edc460e7b339dc83f37570400960b
  • nodejs-docs-16.20.2-8.el9_6.tuxcare.els13.noarch.rpm
    sha:6144e7f8289dfa04293f274f599b3cea2243728fd7f9f2a6e19e5ef571c426bf
  • nodejs-full-i18n-16.20.2-8.el9_6.tuxcare.els13.x86_64.rpm
    sha:dfd4f127918b16ef27865ccec754bdcd0e6ee56ff236478963ef0c12c32b3166
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els13.i686.rpm
    sha:1afc4a6e79c8b808b50cbbcf82733acf59f1ee274f01361e5a111d91e0b90fd9
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els13.x86_64.rpm
    sha:081277d99b2d84369c18b4b2f13ca8eeb1ea3e44eb4e1c33f77bba86c2f0fad8
  • npm-8.19.4_1.16.20.2-8.el9_6.tuxcare.els13.x86_64.rpm
    sha:ef97ece84dedfe6b797f1db2388e5ade57d89e2bdccf58cf8e7a5fd182631d3f
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els13.x86_64.rpm
    sha:5be8e5ccebdec35266d96559131ba791acd63a6051f0bb8a9d2c67f6800c1dcb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.