Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-27135 (GCVE-0-2026-27135)
Vulnerability from cvelistv5 – Published: 2026-03-18 17:59 – Updated: 2026-07-15 01:14- CWE-617 - Reachable Assertion
| Vendor | Product | Version | |
|---|---|---|---|
| nghttp2 | nghttp2 |
Affected:
< 1.68.1
|
|
| Red Hat | JBoss Core Services for RHEL 8 |
Unaffected:
0:1.64.0-3.el8jbcs , < *
(rpm)
cpe:/a:redhat:jboss_core_services:1::el8 |
|
| Red Hat | JBoss Core Services on RHEL 7 |
Unaffected:
0:1.64.0-3.el7jbcs , < *
(rpm)
cpe:/a:redhat:jboss_core_services:1::el7 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
1:22.22.2-1.el10_1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:1.64.0-2.el10_1.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
1:24.14.1-2.el10_1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
1:22.22.2-2.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
0:1.64.0-2.el10_0.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8100020260331102257.6d880403 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8100020260408131901.6d880403 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8100020260414073138.489197e6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.33.0-6.el8_10.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.33.0-3.el8_2.4 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.2 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.33.0-4.el8_4.3 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:1.33.0-4.el8_4.3 , < *
(rpm)
cpe:/o:redhat:rhel_eus_long_life:8.4 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.33.0-4.el8_6.3 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.33.0-4.el8_6.3 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.33.0-4.el8_6.3 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:1.33.0-5.el8_8.2 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.8 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:1.33.0-5.el8_8.2 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9070020260401095228.rhel9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9070020260402152654.rhel9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9070020260409073121.rhel9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:1.43.0-6.el9_7.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:1.43.0-5.el9_0.4 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:9.0 |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:1.43.0-5.el9_2.4 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:9.2 |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
9040020260421133644.rhel9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4 |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:1.43.0-5.el9_4.4 , < *
(rpm)
cpe:/o:redhat:rhel_eus:9.4 |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
9060020260409121057.rhel9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6 |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
9060020260422064119.rhel9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6 |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:1.43.0-6.el9_6.1 , < *
(rpm)
cpe:/o:redhat:rhel_eus:9.6 |
|
| Red Hat | Red Hat JBoss Core Services 2.4.62.SP4 |
cpe:/a:redhat:jboss_core_services:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.12 |
Unaffected:
412.86.202605271418-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.12::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
Unaffected:
413.92.202605271328-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
414.92.202605060243-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
415.92.202605060220-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
416.94.202605200242-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
Unaffected:
417.94.202605112123-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
Unaffected:
418.94.202605260517-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
Unaffected:
4.19.9.6.202605201155-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-4.1777325677 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-4.1777325711 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-4.1777325710 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-3.1777325680 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-4.1777325709 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-4.1777325680 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.13.5-4.1777325708 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
|
| Red Hat | Red Hat AI Inference Server 3.2 |
Unaffected:
1779223654 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.2::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.2 |
Unaffected:
1779223651 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.2::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.2 |
Unaffected:
1780681984 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.2::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.3 |
Unaffected:
1778244559 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.3::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.3 |
Unaffected:
1778244531 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.3::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.3 |
Unaffected:
1778274666 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.3::el9 |
|
| Red Hat | Red Hat AI Inference Server 3.3 |
Unaffected:
1778244546 , < *
(rpm)
cpe:/a:redhat:ai_inference_server:3.3::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
1778101579 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
1778156756 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Hardened Images |
Unaffected:
1.68.1-1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Insights proxy 1.5 |
Unaffected:
1776868961 , < *
(rpm)
cpe:/a:redhat:insights_proxy:1.5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1776868774 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1776868744 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1776868772 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1776868842 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1777459441 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1777454300 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1777459504 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T18:36:41.841104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T18:36:48.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-13T21:31:25.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/20/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_core_services:1::el8"
],
"defaultStatus": "affected",
"packageName": "jbcs-httpd24-nghttp2",
"product": "JBoss Core Services for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.64.0-3.el8jbcs",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_core_services:1::el7"
],
"defaultStatus": "affected",
"packageName": "jbcs-httpd24-nghttp2",
"product": "JBoss Core Services on RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.64.0-3.el7jbcs",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "nodejs22",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:22.22.2-1.el10_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.64.0-2.el10_1.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "nodejs24",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:24.14.1-2.el10_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "nodejs22",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:22.22.2-2.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.64.0-2.el10_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "nodejs:22",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020260331102257.6d880403",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "nodejs:24",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020260408131901.6d880403",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "nodejs:20",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020260414073138.489197e6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-6.el8_10.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-3.el8_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-4.el8_4.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-4.el8_4.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-4.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-4.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-4.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-5.el8_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.33.0-5.el8_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nodejs:22",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9070020260401095228.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nodejs:24",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9070020260402152654.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nodejs:20",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9070020260409073121.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.43.0-6.el9_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.43.0-5.el9_0.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.43.0-5.el9_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4"
],
"defaultStatus": "affected",
"packageName": "nodejs:20",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9040020260421133644.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.43.0-5.el9_4.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6"
],
"defaultStatus": "affected",
"packageName": "nodejs:22",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9060020260409121057.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6"
],
"defaultStatus": "affected",
"packageName": "nodejs:20",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9060020260422064119.rhel9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.6"
],
"defaultStatus": "affected",
"packageName": "nghttp2",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.43.0-6.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_core_services:1"
],
"defaultStatus": "unaffected",
"packageName": "nghttp2",
"product": "Red Hat JBoss Core Services 2.4.62.SP4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "412.86.202605271418-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "413.92.202605271328-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202605060243-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202605060220-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "416.94.202605200242-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "417.94.202605112123-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "418.94.202605260517-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.19.9.6.202605201155-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-businesscentral-monitoring-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-4.1777325677",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-businesscentral-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-4.1777325711",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-controller-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-4.1777325710",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-dashbuilder-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-3.1777325680",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-kieserver-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-4.1777325709",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-process-migration-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-4.1777325680",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-smartrouter-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.5-4.1777325708",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/vllm-cuda-rhel9",
"product": "Red Hat AI Inference Server 3.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779223654",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/vllm-rocm-rhel9",
"product": "Red Hat AI Inference Server 3.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779223651",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/model-opt-cuda-rhel9",
"product": "Red Hat AI Inference Server 3.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1780681984",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/model-opt-cuda-rhel9",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778244559",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/vllm-rocm-rhel9",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778244531",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/vllm-cuda-rhel9",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778274666",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ai_inference_server:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhaiis/vllm-spyre-rhel9",
"product": "Red Hat AI Inference Server 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778244546",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778101579",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778156756",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "nghttp2-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.68.1-1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868961",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/cds-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868774",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/haproxy-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868744",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/installer-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868772",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/rhua-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868842",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/cds-kubernetes-tp-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777459441",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/installer-tp-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777454300",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/rhua-tp-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777459504",
"versionType": "rpm"
}
]
}
],
"datePublic": "2026-03-18T17:59:02.045Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:14:36.116Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"name": "RHBZ#2448754",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27200"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21695"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13812"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21690"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14773"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17596"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21656"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20040"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8868"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7666"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8339"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9711"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7983"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7896"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7667"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8541"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8538"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8540"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8546"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8547"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8548"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7668"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25096"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19724"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19725"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16008"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16030"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16009"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16174"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6190"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9832"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10065"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:27200: Red Hat JBoss Core Services on RHEL 7 Server, Red Hat JBoss Core Services on RHEL 8"
},
{
"lang": "en",
"value": "RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:13812: Middleware Containers for OpenShift"
},
{
"lang": "en",
"value": "RHSA-2026:21690: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:20087: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:17596: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21656: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:20040: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:8868: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:7310: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:7666: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:7080: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:7675: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8339: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7123: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7670: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:9711: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:9874: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7983: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7896: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7302: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7350: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7667: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:8541: Red Hat Enterprise Linux BaseOS AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:8539: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:8538: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8540: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:8546: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8545: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:8547: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:8548: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7668: Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:19724: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:19725: Red Hat AI Inference Server 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:14937: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:6190: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:9832: Red Hat Insights proxy 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:27201: Red Hat JBoss Core Services 2.4.62.SP4"
},
{
"lang": "en",
"value": "RHSA-2026:11768: Red Hat Update Infrastructure 5"
},
{
"lang": "en",
"value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T19:02:13.823Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-18T17:59:02.045Z",
"value": "Made public."
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:47:22.165Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "nghttp2",
"vendor": "nghttp2",
"versions": [
{
"status": "affected",
"version": "\u003c 1.68.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T17:59:02.045Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
},
{
"name": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
}
],
"source": {
"advisory": "GHSA-6933-cjhr-5qg6",
"discovery": "UNKNOWN"
},
"title": "nghttp2 Denial of service: Assertion failure due to the missing state validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27135",
"datePublished": "2026-03-18T17:59:02.045Z",
"dateReserved": "2026-02-17T18:42:27.044Z",
"dateUpdated": "2026-07-15T01:14:36.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27135",
"date": "2026-07-19",
"epss": "0.00775",
"percentile": "0.51678"
},
"microsoft_vex": {
"current_release_date": "2026-03-27T01:41:20.000Z",
"cve": "CVE-2026-27135",
"id": "msrc_CVE-2026-27135",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"product_status:fixed": "6",
"product_status:known_affected": "6",
"product_status:known_not_affected": "3",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "nghttp2 Denial of service: Assertion failure due to the missing state validation",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-27135.json",
"version": "5"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27135\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-18T18:16:26.723\",\"lastModified\":\"2026-07-15T02:19:03.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.\"},{\"lang\":\"es\",\"value\":\"nghttp2 es una implementaci\u00f3n del Protocolo de Transferencia de Hipertexto versi\u00f3n 2 en C. Antes de la versi\u00f3n 1.68.1, la biblioteca nghttp2 deja de leer los datos entrantes cuando la aplicaci\u00f3n llama a la API p\u00fablica orientada al usuario \u0027nghttp2_session_terminate_session\u0027 o \u0027nghttp2_session_terminate_session2\u0027. Estas pueden ser llamadas internamente por la biblioteca cuando esta detecta una situaci\u00f3n sujeta a error de conexi\u00f3n. Debido a la falta de validaci\u00f3n del estado interno, la biblioteca sigue leyendo el resto de los datos despu\u00e9s de que se llama a una de esas APIs. Luego, recibir una trama malformada que causa FRAME_SIZE_ERROR provoca un fallo de aserci\u00f3n. nghttp2 v1.68.1 a\u00f1ade la validaci\u00f3n de estado faltante para evitar el fallo de aserci\u00f3n. No se conocen soluciones alternativas disponibles.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"nghttp2\",\"product\":\"nghttp2\",\"versions\":[{\"version\":\"\u003c 1.68.1\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"JBoss Core Services for RHEL 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"jbcs-httpd24-nghttp2\",\"cpes\":[\"cpe:/a:redhat:jboss_core_services:1::el8\"],\"versions\":[{\"version\":\"0:1.64.0-3.el8jbcs\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"JBoss Core Services on RHEL 7\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"jbcs-httpd24-nghttp2\",\"cpes\":[\"cpe:/a:redhat:jboss_core_services:1::el7\"],\"versions\":[{\"version\":\"0:1.64.0-3.el7jbcs\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs22\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"],\"versions\":[{\"version\":\"1:22.22.2-1.el10_1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"],\"versions\":[{\"version\":\"0:1.64.0-2.el10_1.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs24\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"],\"versions\":[{\"version\":\"1:24.14.1-2.el10_1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10.0 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs22\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"],\"versions\":[{\"version\":\"1:22.22.2-2.el10_0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10.0 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"],\"versions\":[{\"version\":\"0:1.64.0-2.el10_0.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:22\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8\"],\"versions\":[{\"version\":\"8100020260331102257.6d880403\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:24\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8\"],\"versions\":[{\"version\":\"8100020260408131901.6d880403\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:20\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8\"],\"versions\":[{\"version\":\"8100020260414073138.489197e6\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"],\"versions\":[{\"version\":\"0:1.33.0-6.el8_10.2\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.2 Advanced Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.2\"],\"versions\":[{\"version\":\"0:1.33.0-3.el8_2.4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.4\"],\"versions\":[{\"version\":\"0:1.33.0-4.el8_4.3\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_eus_long_life:8.4\"],\"versions\":[{\"version\":\"0:1.33.0-4.el8_4.3\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.6\"],\"versions\":[{\"version\":\"0:1.33.0-4.el8_6.3\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_tus:8.6\"],\"versions\":[{\"version\":\"0:1.33.0-4.el8_6.3\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:8.6\"],\"versions\":[{\"version\":\"0:1.33.0-4.el8_6.3\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_tus:8.8\"],\"versions\":[{\"version\":\"0:1.33.0-5.el8_8.2\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:8.8\"],\"versions\":[{\"version\":\"0:1.33.0-5.el8_8.2\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:22\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9\"],\"versions\":[{\"version\":\"9070020260401095228.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:24\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9\"],\"versions\":[{\"version\":\"9070020260402152654.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:20\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9\"],\"versions\":[{\"version\":\"9070020260409073121.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"],\"versions\":[{\"version\":\"0:1.43.0-6.el9_7.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.0\"],\"versions\":[{\"version\":\"0:1.43.0-5.el9_0.4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.2\"],\"versions\":[{\"version\":\"0:1.43.0-5.el9_2.4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.4 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:20\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4\"],\"versions\":[{\"version\":\"9040020260421133644.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.4 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_eus:9.4\"],\"versions\":[{\"version\":\"0:1.43.0-5.el9_4.4\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.6 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:22\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6\"],\"versions\":[{\"version\":\"9060020260409121057.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.6 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nodejs:20\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6\"],\"versions\":[{\"version\":\"9060020260422064119.rhel9\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.6 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/o:redhat:rhel_eus:9.6\"],\"versions\":[{\"version\":\"0:1.43.0-6.el9_6.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Core Services 2.4.62.SP4\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2\",\"cpes\":[\"cpe:/a:redhat:jboss_core_services:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.12\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.12::el8\"],\"versions\":[{\"version\":\"412.86.202605271418-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.13\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.13::el9\"],\"versions\":[{\"version\":\"413.92.202605271328-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el9\"],\"versions\":[{\"version\":\"414.92.202605060243-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el9\"],\"versions\":[{\"version\":\"415.92.202605060220-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.16\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.16::el9\"],\"versions\":[{\"version\":\"416.94.202605200242-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el9\"],\"versions\":[{\"version\":\"417.94.202605112123-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el9\"],\"versions\":[{\"version\":\"418.94.202605260517-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el9\"],\"versions\":[{\"version\":\"4.19.9.6.202605201155-0\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-businesscentral-monitoring-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-4.1777325677\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-businesscentral-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-4.1777325711\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-controller-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-4.1777325710\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-dashbuilder-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-3.1777325680\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-kieserver-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-4.1777325709\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-process-migration-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-4.1777325680\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"RHEL-8 based Middleware Containers\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhpam-7/rhpam-smartrouter-rhel8\",\"cpes\":[\"cpe:/a:redhat:rhosemc:1.0::el8\"],\"versions\":[{\"version\":\"7.13.5-4.1777325708\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/vllm-cuda-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.2::el9\"],\"versions\":[{\"version\":\"1779223654\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/vllm-rocm-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.2::el9\"],\"versions\":[{\"version\":\"1779223651\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/model-opt-cuda-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.2::el9\"],\"versions\":[{\"version\":\"1780681984\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.3\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/model-opt-cuda-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.3::el9\"],\"versions\":[{\"version\":\"1778244559\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.3\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/vllm-rocm-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.3::el9\"],\"versions\":[{\"version\":\"1778244531\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.3\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/vllm-cuda-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.3::el9\"],\"versions\":[{\"version\":\"1778274666\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server 3.3\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhaiis/vllm-spyre-rhel9\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3.3::el9\"],\"versions\":[{\"version\":\"1778244546\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"discovery/discovery-server-rhel9\",\"cpes\":[\"cpe:/a:redhat:discovery:2::el9\"],\"versions\":[{\"version\":\"1778101579\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"discovery/discovery-ui-rhel9\",\"cpes\":[\"cpe:/a:redhat:discovery:2::el9\"],\"versions\":[{\"version\":\"1778156756\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"nghttp2-main\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"],\"versions\":[{\"version\":\"1.68.1-1.hum1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Insights proxy 1.5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"insights-proxy/insights-proxy-container-rhel9\",\"cpes\":[\"cpe:/a:redhat:insights_proxy:1.5::el9\"],\"versions\":[{\"version\":\"1776868961\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/cds-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1776868774\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/haproxy-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1776868744\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/installer-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1776868772\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/rhua-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1776868842\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/cds-kubernetes-tp-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1777459441\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/installer-tp-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1777454300\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"rhui5/rhua-tp-rhel9\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"],\"versions\":[{\"version\":\"1777459504\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-18T18:36:41.841104Z\",\"id\":\"CVE-2026-27135\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.68.1\",\"matchCriteriaId\":\"1D6F266C-6337-477C-9A88-F7692CF26822\"}]}]}],\"references\":[{\"url\":\"https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/03/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10065\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11768\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13812\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14773\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14937\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15087\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16008\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16009\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16030\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16174\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17596\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19724\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19725\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20040\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20087\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21656\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21690\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21695\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25096\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27200\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27201\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6190\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7080\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7123\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7302\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7310\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7350\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7666\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7667\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7668\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7670\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7675\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7896\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7983\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8339\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8538\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8539\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8540\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8541\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8545\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8546\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8547\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8548\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8868\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9711\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9832\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-27135\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2448754\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-019113.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-06-30T04:02:24+00:00",
"cve": "CVE-2026-27135",
"id": "CVE-2026-27135",
"initial_release_date": "2026-03-18T17:59:02.045000+00:00",
"product_status:fixed": "919",
"product_status:known_not_affected": "58",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/03/20/3\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-13T21:31:25.337Z\"}}, {\"title\": \"nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:jboss_core_services:1::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Core Services on RHEL 7 Server\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_core_services:1::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Core Services on RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhosemc:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Middleware Containers for OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS AUS (v. 8.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS AUS (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS TUS (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.9.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS E4S (v.9.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux BaseOS (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CRB (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:insights_proxy:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Insights proxy 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_core_services:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Core Services 2.4.62.SP4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-18T19:02:13.823Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-03-18T17:59:02.045Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:27200: Red Hat JBoss Core Services on RHEL 7 Server, Red Hat JBoss Core Services on RHEL 8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13812: Middleware Containers for OpenShift\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21690: Red Hat OpenShift Container Platform 4.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20087: Red Hat OpenShift Container Platform 4.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17596: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21656: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20040: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8868: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7310: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7666: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7080: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7675: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8339: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7123: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7670: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9711: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9874: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7983: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7896: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7302: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7350: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7667: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8541: Red Hat Enterprise Linux BaseOS AUS (v. 8.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8539: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8538: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8540: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8546: Red Hat Enterprise Linux BaseOS E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8545: Red Hat Enterprise Linux BaseOS E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8547: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8548: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7668: Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25096: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19724: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19725: Red Hat AI Inference Server 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16008: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16030: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16009: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16174: Red Hat AI Inference Server 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14937: Red Hat Discovery 2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6190: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9832: Red Hat Insights proxy 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:27201: Red Hat JBoss Core Services 2.4.62.SP4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11768: Red Hat Update Infrastructure 5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10065: Red Hat Update Infrastructure 5\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-03-18T17:59:02.045Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-27135\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2448754\", \"name\": \"RHBZ#2448754\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27135.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27200\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21695\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13812\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21690\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15087\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14773\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20087\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17596\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21656\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20040\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8868\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7310\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7666\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7080\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7675\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8339\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7123\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7670\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9711\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7983\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7896\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7302\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7667\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8541\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8539\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8538\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8540\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8546\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8545\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8547\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8548\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7668\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25096\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19724\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19725\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16008\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16030\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16009\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16174\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14937\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6190\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9832\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27201\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11768\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10065\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-617\", \"description\": \"Reachable Assertion\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T12:08:08.741Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-019113.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-07-14T12:47:22.165Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27135\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-18T18:36:41.841104Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-18T18:36:44.358Z\"}}], \"cna\": {\"title\": \"nghttp2 Denial of service: Assertion failure due to the missing state validation\", \"source\": {\"advisory\": \"GHSA-6933-cjhr-5qg6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"nghttp2\", \"product\": \"nghttp2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.68.1\"}]}], \"references\": [{\"url\": \"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6\", \"name\": \"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1\", \"name\": \"https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-617\", \"description\": \"CWE-617: Reachable Assertion\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-18T17:59:02.045Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27135\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-14T12:47:22.165Z\", \"dateReserved\": \"2026-02-17T18:42:27.044Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-18T17:59:02.045Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:27201
Vulnerability from csaf_redhat - Published: 2026-06-22 15:13 - Updated: 2026-07-19 15:35A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service (DoS). The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
A flaw was found in mod_proxy_ajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP (Apache JServ Protocol) server, to send a specially crafted message. This message can cause mod_proxy_ajp to write attacker-controlled data beyond a heap-based buffer, potentially leading to arbitrary code execution or a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
A flaw was found in the mod_md module of httpd. When processing OCSP (Online Certificate Status Protocol) responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Core Services 2.4.62.SP4
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 3, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)\n* jbcs-httpd24-httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)\n* jbcs-httpd24-mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)\n* mod_proxy_ajp.so: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)\n* mod_proxy_ajp.so: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)\n* mod_authn_socache.so: NULL pointer dereference can cause a child process crash (CVE-2026-33007)\n* mod_proxy_ajp.so: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)\n* mod_dav_lock.so: NULL pointer dereference via specially crafted request (CVE-2026-29169)\n* jbcs-httpd24-mod_md: unrestricted OCSP response leads to resource exhaustion (CVE-2026-29168)\n* jbcs-httpd24-httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n* jbcs-httpd24-openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group (CVE-2026-2673)\n* libexpat-2.dll: denial of service via crafted XML input (CVE-2026-45186)\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27201",
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_4_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_4_release_notes/index"
},
{
"category": "external",
"summary": "2379343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379343"
},
{
"category": "external",
"summary": "2447327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447327"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "2464940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
},
{
"category": "external",
"summary": "2464952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
},
{
"category": "external",
"summary": "2464953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464953"
},
{
"category": "external",
"summary": "2465296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
},
{
"category": "external",
"summary": "2465299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
},
{
"category": "external",
"summary": "2466753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753"
},
{
"category": "external",
"summary": "2466913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466913"
},
{
"category": "external",
"summary": "2468575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468575"
},
{
"category": "external",
"summary": "2485371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27201.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update",
"tracking": {
"current_release_date": "2026-07-19T15:35:59+00:00",
"generator": {
"date": "2026-07-19T15:35:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:27201",
"initial_release_date": "2026-06-22T15:13:13+00:00",
"revision_history": [
{
"date": "2026-06-22T15:13:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T15:13:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T15:35:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services 2.4.62.SP4",
"product": {
"name": "Red Hat JBoss Core Services 2.4.62.SP4",
"product_id": "Red Hat JBoss Core Services 2.4.62.SP4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53020",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-07-10T18:00:46.989628+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379343"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service (DoS). The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53020"
},
{
"category": "external",
"summary": "RHBZ#2379343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53020"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2025-07-10T16:59:06.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "The attack surface can be reduced by disabling HTTP/2 support in Apache.\nFollow the guidance in Red Hat KCS article to:\n- Remove h2 and h2c from the Protocols directive\n- Disable mod_http2 and mod_proxy_http2 modules (if not required)\n\nhttps://access.redhat.com/node/7056356",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase"
},
{
"cve": "CVE-2026-2673",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-13T14:01:14.098405+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447327"
}
],
"notes": [
{
"category": "description",
"text": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client\u0027s initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of this flaw is limited to the choice of key agreement groups in a specific TLS connection. While a less a preferred key agreement group may allow for a connection to lack post-quantum protection, it is important to know that the connection will still be encrypted with a secure classical cipher and that the degradation of the cipher is limited to the active connection and is not a persistent degradation. Groups which the server operator has disallowed will not be used and it may be the case that the client and server fail to agree upon a key exchange group which would prevent the offending client from constructing a TLS connection.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2673"
},
{
"category": "external",
"summary": "RHBZ#2447327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
"url": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
"url": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260313.txt",
"url": "https://openssl-library.org/news/secadv/20260313.txt"
}
],
"release_date": "2026-03-13T13:23:00.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-28780",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-05-05T22:01:12.666022+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in mod_proxy_ajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP (Apache JServ Protocol) server, to send a specially crafted message. This message can cause mod_proxy_ajp to write attacker-controlled data beyond a heap-based buffer, potentially leading to arbitrary code execution or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28780"
},
{
"category": "external",
"summary": "RHBZ#2466913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-05T21:29:41.527000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow"
},
{
"cve": "CVE-2026-29168",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-05T14:01:25.519480+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_md module of httpd. When processing OCSP (Online Certificate Status Protocol) responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_md: unrestricted OCSP response leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, the Apache HTTP Server must query an untrusted or compromised OCSP responder, limiting its exposure. Due to this reason, this vulnerability has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_md loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29168"
},
{
"category": "external",
"summary": "RHBZ#2466753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29168"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-05T13:10:05.656000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_md and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_md: unrestricted OCSP response leads to resource exhaustion"
},
{
"cve": "CVE-2026-29169",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-04T15:01:18.611919+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2465296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer dereference via specially crafted request",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows an unauthenticated remote attacker to crash the server via a specially crafted request. However, the mod_dav_lock module is obsolete and rarely enabled in modern environments. The only known use-case for the module was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Due to this reason, this vulnerability has been rated with a low severity.\n\nThis flaw only affects configurations with mod_dav_lock loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29169"
},
{
"category": "external",
"summary": "RHBZ#2465296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T14:48:29.832000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_dav_lock and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer dereference via specially crafted request"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-33007",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-04T15:01:24.989510+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2465299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows an unauthenticated remote attacker to cause a crash in a child process. However, the main parent process remains active and functional. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_authn_socache loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33007"
},
{
"category": "external",
"summary": "RHBZ#2465299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T14:41:27.520000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_authn_socache and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash"
},
{
"cve": "CVE-2026-33857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-05-04T14:01:10.810459+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33857"
},
{
"category": "external",
"summary": "RHBZ#2464953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T13:07:30.753000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions"
},
{
"cve": "CVE-2026-34032",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-04T14:01:07.000400+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34032"
},
{
"category": "external",
"summary": "RHBZ#2464952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T12:54:54.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check"
},
{
"cve": "CVE-2026-34059",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2026-05-04T13:01:08.557596+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464940"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34059"
},
{
"category": "external",
"summary": "RHBZ#2464940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2026-05-04T12:39:42.273000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()"
},
{
"cve": "CVE-2026-45186",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2026-05-10T07:00:47.768180+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: denial of service via crafted XML input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file or input with an application linked to the libexpat library. Also, the only security impact of this flaw is a high consumption of CPU resources that can eventually cause a denial of service. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45186"
},
{
"category": "external",
"summary": "RHBZ#2468575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1216",
"url": "https://github.com/libexpat/libexpat/pull/1216"
}
],
"release_date": "2026-05-10T06:36:16.927000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the maximum size of incoming XML payloads. It is especially critical to limit the decompressed size if the application accepts compressed XML files. Also, consider running the application inside a container or a restricted environment to ensure that the high consumption of CPU resources does not affect the host system.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libexpat: denial of service via crafted XML input"
},
{
"cve": "CVE-2026-49975",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-05T06:04:44.009000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2485371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Apache\u0027s `httpd` HTTP/2 protocol implementation has a denial-of-service (DoS) vulnerability that is rated as Important. An unauthenticated remote attacker can exploit this flaw by combining HPACK compression with flow control manipulation, leading to significant server memory exhaustion and rendering the service inaccessible. This vulnerability exists in default HTTP/2 configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-49975"
},
{
"category": "external",
"summary": "RHBZ#2485371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-49975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975"
},
{
"category": "external",
"summary": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb",
"url": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb"
}
],
"release_date": "2026-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T15:13:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27201"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 2.4.62.SP4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack"
}
]
}
RHSA-2026:6190
Vulnerability from csaf_redhat - Published: 2026-03-30 14:45 - Updated: 2026-07-19 02:02A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnghttp2:\n * libnghttp2-1.68.1-1.hum1 (aarch64, x86_64)\n * libnghttp2-devel-1.68.1-1.hum1 (aarch64, x86_64)\n * mingw32-libnghttp2-1.68.1-1.hum1 (aarch64, x86_64)\n * mingw64-libnghttp2-1.68.1-1.hum1 (aarch64, x86_64)\n * nghttp2-1.68.1-1.hum1 (aarch64, x86_64)\n * nghttp2-1.68.1-1.hum1.src (source)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6190",
"url": "https://access.redhat.com/errata/RHSA-2026:6190"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27135",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6190.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-19T02:02:01+00:00",
"generator": {
"date": "2026-07-19T02:02:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:6190",
"initial_release_date": "2026-03-30T14:45:42+00:00",
"revision_history": [
{
"date": "2026-03-30T14:45:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T02:02:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nghttp2-main@aarch64",
"product": {
"name": "nghttp2-main@aarch64",
"product_id": "nghttp2-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.68.1-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nghttp2-main@x86_64",
"product": {
"name": "nghttp2-main@x86_64",
"product_id": "nghttp2-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.68.1-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nghttp2-main@src",
"product": {
"name": "nghttp2-main@src",
"product_id": "nghttp2-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.68.1-1.hum1?arch=source\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nghttp2-main@aarch64"
},
"product_reference": "nghttp2-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nghttp2-main@src"
},
"product_reference": "nghttp2-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nghttp2-main@x86_64"
},
"product_reference": "nghttp2-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nghttp2-main@aarch64",
"Red Hat Hardened Images:nghttp2-main@src",
"Red Hat Hardened Images:nghttp2-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T14:45:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nghttp2-main@aarch64",
"Red Hat Hardened Images:nghttp2-main@src",
"Red Hat Hardened Images:nghttp2-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nghttp2-main@aarch64",
"Red Hat Hardened Images:nghttp2-main@src",
"Red Hat Hardened Images:nghttp2-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
RHSA-2026:7080
Vulnerability from csaf_redhat - Published: 2026-04-08 13:58 - Updated: 2026-07-19 13:55A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs22 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime \\ for easily building fast, scalable network applications. \\ Node.js uses an event-driven, non-blocking I/O model that \\ makes it lightweight and efficient, perfect for data-intensive \\ real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7080",
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7080.json"
}
],
"title": "Red Hat Security Advisory: nodejs22 security update",
"tracking": {
"current_release_date": "2026-07-19T13:55:12+00:00",
"generator": {
"date": "2026-07-19T13:55:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7080",
"initial_release_date": "2026-04-08T13:58:58+00:00",
"revision_history": [
{
"date": "2026-04-08T13:58:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-08T13:58:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T13:55:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product_id": "nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-1.el10_1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product_id": "nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-1.el10_1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product_id": "nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-1.el10_1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs-devel-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs-libs-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"product_id": "nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-1.el10_1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.22.2-1.el10_1.noarch",
"product": {
"name": "nodejs-docs-1:22.22.2-1.el10_1.noarch",
"product_id": "nodejs-docs-1:22.22.2-1.el10_1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.22.2-1.el10_1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-1:22.22.2-1.el10_1.src",
"product": {
"name": "nodejs22-1:22.22.2-1.el10_1.src",
"product_id": "nodejs22-1:22.22.2-1.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.22.2-1.el10_1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs-devel-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.22.2-1.el10_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch"
},
"product_reference": "nodejs-docs-1:22.22.2-1.el10_1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs-libs-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-1:22.22.2-1.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src"
},
"product_reference": "nodejs22-1:22.22.2-1.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T13:58:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-devel-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-docs-1:22.22.2-1.el10_1.noarch",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-full-i18n-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-libs-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.s390x",
"AppStream-10.1.Z:nodejs-npm-1:10.9.7-1.22.22.2.1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-1:22.22.2-1.el10_1.src",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debuginfo-1:22.22.2-1.el10_1.x86_64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.aarch64",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.ppc64le",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.s390x",
"AppStream-10.1.Z:nodejs22-debugsource-1:22.22.2-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
}
]
}
RHSA-2026:7123
Vulnerability from csaf_redhat - Published: 2026-04-08 18:17 - Updated: 2026-07-19 13:55A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7123",
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "RHEL-154019",
"url": "https://issues.redhat.com/browse/RHEL-154019"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7123.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2026-07-19T13:55:14+00:00",
"generator": {
"date": "2026-07-19T13:55:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7123",
"initial_release_date": "2026-04-08T18:17:58+00:00",
"revision_history": [
{
"date": "2026-04-08T18:17:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-08T18:17:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T13:55:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=src\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel8.10.0%2B24148%2B847b6786?arch=src\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=noarch\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel8.10.0%2B24148%2B847b6786?arch=noarch\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel8.10.0%2B24148%2B847b6786?arch=noarch\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel8.10.0%2B24148%2B847b6786?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:8100020260331102257:6d880403"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-08T18:17:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.22.2-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.22.2-1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el8.10.0+24148+847b6786.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+24148+847b6786.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.7-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el8.10.0+24148+847b6786.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
}
]
}
RHSA-2026:7302
Vulnerability from csaf_redhat - Published: 2026-04-09 13:04 - Updated: 2026-07-19 13:55A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7302",
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7302.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2026-07-19T13:55:16+00:00",
"generator": {
"date": "2026-07-19T13:55:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7302",
"initial_release_date": "2026-04-09T13:04:58+00:00",
"revision_history": [
{
"date": "2026-04-09T13:04:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T13:04:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T13:55:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=src\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=src\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
}
]
}
RHSA-2026:7310
Vulnerability from csaf_redhat - Published: 2026-04-09 13:38 - Updated: 2026-07-19 13:55A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs22 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime \\ for easily building fast, scalable network applications. \\ Node.js uses an event-driven, non-blocking I/O model that \\ makes it lightweight and efficient, perfect for data-intensive \\ real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7310",
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7310.json"
}
],
"title": "Red Hat Security Advisory: nodejs22 security update",
"tracking": {
"current_release_date": "2026-07-19T13:55:20+00:00",
"generator": {
"date": "2026-07-19T13:55:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7310",
"initial_release_date": "2026-04-09T13:38:21+00:00",
"revision_history": [
{
"date": "2026-04-09T13:38:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T13:38:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T13:55:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product_id": "nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product_id": "nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product_id": "nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs-devel-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs-libs-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"product": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"product_id": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.7-1.22.22.2.2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"product": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"product_id": "nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.22.2-2.el10_0?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.22.2-2.el10_0.noarch",
"product": {
"name": "nodejs-docs-1:22.22.2-2.el10_0.noarch",
"product_id": "nodejs-docs-1:22.22.2-2.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.22.2-2.el10_0?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-1:22.22.2-2.el10_0.src",
"product": {
"name": "nodejs22-1:22.22.2-2.el10_0.src",
"product_id": "nodejs22-1:22.22.2-2.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.22.2-2.el10_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs-devel-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.22.2-2.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch"
},
"product_reference": "nodejs-docs-1:22.22.2-2.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs-libs-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64"
},
"product_reference": "nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-1:22.22.2-2.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src"
},
"product_reference": "nodejs22-1:22.22.2-2.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
},
"product_reference": "nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:38:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.22.2-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.7-1.22.22.2.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.22.2-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.22.2-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.22.2-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
}
]
}
RHSA-2026:7350
Vulnerability from csaf_redhat - Published: 2026-04-09 20:27 - Updated: 2026-07-19 13:55A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.
CWE-425 - Direct Request ('Forced Browsing')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Nodejs denial of service (CVE-2026-21637)\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)\n\n* undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\n* Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)\n\n* nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)\n\n* Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)\n\n* Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)\n\n* Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)\n\n* nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7350",
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7350.json"
}
],
"title": "Red Hat Security Advisory: nodejs:24 security update",
"tracking": {
"current_release_date": "2026-07-19T13:55:20+00:00",
"generator": {
"date": "2026-07-19T13:55:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7350",
"initial_release_date": "2026-04-09T20:27:37+00:00",
"revision_history": [
{
"date": "2026-04-09T20:27:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T20:27:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T13:55:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=src\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.7.0%2B24166%2B51c9666b?arch=src\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24166%2B51c9666b?arch=src\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product": {
"name": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24)",
"product_id": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@11.11.0-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.14.1-2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.14.1.2.module%2Bel9.7.0%2B24166%2B51c9666b?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:24:9070020260402152654:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24"
},
"product_reference": "npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1527",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-03-12T21:01:21.390673+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the `upgrade` option of `client.request()`. This is possible because undici does not properly validate input for invalid header characters, which could lead to unauthorized information disclosure or bypassing of security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP header injection and request smuggling vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1527"
},
{
"category": "external",
"summary": "RHBZ#2447141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1527"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487198",
"url": "https://hackerone.com/reports/3487198"
}
],
"release_date": "2026-03-12T20:17:18.984000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP header injection and request smuggling vulnerability"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-2581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:10.589089+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447140"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. When the `interceptors.deduplicate()` feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled resource consumption. This leads to high memory usage and potential Out-Of-Memory (OOM) process termination, resulting in a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service due to uncontrolled resource consumption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2581"
},
{
"category": "external",
"summary": "RHBZ#2447140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2581"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3513473",
"url": "https://hackerone.com/reports/3513473"
}
],
"release_date": "2026-03-12T20:13:19.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Denial of Service due to uncontrolled resource consumption"
},
{
"cve": "CVE-2026-21637",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-01-20T21:01:26.738343+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Systems configured according to Red Hat guidelines should have their services set to restart in the event of a process crash. This Host system service management mitigates the availability impact to Red Hat customers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "RHBZ#2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-21711",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-03-30T20:01:55.465001+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453158"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket (UDS) server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication (IPC) endpoints. As a result, unauthorized communication can occur between processes on the same host, bypassing the intended network security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21711"
},
{
"category": "external",
"summary": "RHBZ#2453158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21711"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.526000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks"
},
{
"cve": "CVE-2026-21712",
"cwe": {
"id": "CWE-168",
"name": "Improper Handling of Inconsistent Special Elements"
},
"discovery_date": "2026-03-30T16:02:27.812711+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the `url.format()` function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. This can disrupt services and make them unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21712"
},
{
"category": "external",
"summary": "RHBZ#2453037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21712"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3546390",
"url": "https://hackerone.com/reports/3546390"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T15:13:59.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing"
},
{
"cve": "CVE-2026-21713",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-03-30T20:02:02.430513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453160"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurements are possible, could be exploited by a remote attacker. This allows the attacker to infer sensitive HMAC values, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "RHBZ#2453160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453160"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Information disclosure via timing oracle in HMAC verification"
},
{
"cve": "CVE-2026-21714",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-03-30T20:02:06.237456+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOW_UPDATE frames on stream 0 (connection-level). These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Session objects are not properly cleaned up. This can result in resource exhaustion and a Denial of Service (DoS) condition for the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "RHBZ#2453161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21714"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames"
},
{
"cve": "CVE-2026-21715",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-03-30T20:01:25.714444+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the `fs.realpathSync.native()` function. This vulnerability allows code operating under `--permission` with restricted `--allow-fs-read` flags to bypass security controls. Consequently, an attacker can use `fs.realpathSync.native()` to determine file existence, resolve symbolic link targets, and enumerate filesystem paths outside of permitted directories, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "RHBZ#2453152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21715"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.507000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions"
},
{
"cve": "CVE-2026-21716",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-03-30T20:01:51.136802+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453157"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "RHBZ#2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix."
},
{
"cve": "CVE-2026-21717",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2026-03-30T20:02:10.986695+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453162"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in V8\u0027s string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8\u0027s internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "RHBZ#2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.415000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T20:27:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:24.14.1-2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.3-3.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24166+51c9666b.src::nodejs:24",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:npm-1:11.11.0-1.24.14.1.2.module+el9.7.0+24166+51c9666b.noarch::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.aarch64::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.ppc64le::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.s390x::nodejs:24",
"AppStream-9.7.0.Z.MAIN:v8-13.6-devel-3:13.6.233.17-1.24.14.1.2.module+el9.7.0+24166+51c9666b.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
RHSA-2026:7666
Vulnerability from csaf_redhat - Published: 2026-04-13 01:43 - Updated: 2026-06-30 04:29A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nghttp2 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.\n\nSecurity Fix(es):\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7666",
"url": "https://access.redhat.com/errata/RHSA-2026:7666"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7666.json"
}
],
"title": "Red Hat Security Advisory: nghttp2 security update",
"tracking": {
"current_release_date": "2026-06-30T04:29:18+00:00",
"generator": {
"date": "2026-06-30T04:29:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:7666",
"initial_release_date": "2026-04-13T01:43:07+00:00",
"revision_history": [
{
"date": "2026-04-13T01:43:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T01:43:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:29:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"product": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"product_id": "libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.64.0-2.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"product": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"product_id": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.64.0-2.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"product": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"product_id": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.64.0-2.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"product": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"product_id": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.64.0-2.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"product": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"product_id": "libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.64.0-2.el10_1.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"product": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"product_id": "nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"product": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"product_id": "libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.64.0-2.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"product": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"product_id": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.64.0-2.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"product": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"product_id": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.64.0-2.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"product": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"product_id": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.64.0-2.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"product": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"product_id": "libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.64.0-2.el10_1.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"product": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"product_id": "nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"product": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"product_id": "libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.64.0-2.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"product": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"product_id": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.64.0-2.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"product": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"product_id": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.64.0-2.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"product": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"product_id": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.64.0-2.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"product": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"product_id": "libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.64.0-2.el10_1.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.64.0-2.el10_1.1.s390x",
"product": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.s390x",
"product_id": "nghttp2-0:1.64.0-2.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"product": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"product_id": "libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.64.0-2.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"product": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"product_id": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.64.0-2.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"product": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"product_id": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.64.0-2.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"product": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"product_id": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.64.0-2.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"product": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"product_id": "libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.64.0-2.el10_1.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"product": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"product_id": "nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nghttp2-0:1.64.0-2.el10_1.1.src",
"product": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.src",
"product_id": "nghttp2-0:1.64.0-2.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.64.0-2.el10_1.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.src"
},
"product_reference": "nghttp2-0:1.64.0-2.el10_1.1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.src",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T01:43:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.src",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7666"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:libnghttp2-devel-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"AppStream-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:libnghttp2-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.src",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"BaseOS-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:libnghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-debuginfo-0:1.64.0-2.el10_1.1.x86_64",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.aarch64",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.ppc64le",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.s390x",
"CRB-10.1.Z:nghttp2-debugsource-0:1.64.0-2.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
RHSA-2026:7667
Vulnerability from csaf_redhat - Published: 2026-04-13 02:25 - Updated: 2026-06-30 04:29A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nghttp2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.\n\nSecurity Fix(es):\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7667",
"url": "https://access.redhat.com/errata/RHSA-2026:7667"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7667.json"
}
],
"title": "Red Hat Security Advisory: nghttp2 security update",
"tracking": {
"current_release_date": "2026-06-30T04:29:20+00:00",
"generator": {
"date": "2026-06-30T04:29:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:7667",
"initial_release_date": "2026-04-13T02:25:06+00:00",
"revision_history": [
{
"date": "2026-04-13T02:25:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:25:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:29:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"product": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"product_id": "libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"product": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"product_id": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.33.0-6.el8_10.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"product": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"product_id": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.33.0-6.el8_10.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"product": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"product_id": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.33.0-6.el8_10.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"product": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"product_id": "libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.33.0-6.el8_10.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"product": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"product_id": "nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"product": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"product_id": "libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"product": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"product_id": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.33.0-6.el8_10.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"product": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"product_id": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.33.0-6.el8_10.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"product": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"product_id": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.33.0-6.el8_10.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"product": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"product_id": "libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.33.0-6.el8_10.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"product": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"product_id": "nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.33.0-6.el8_10.2.i686",
"product": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.i686",
"product_id": "libnghttp2-0:1.33.0-6.el8_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"product": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"product_id": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.33.0-6.el8_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"product": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"product_id": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.33.0-6.el8_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"product": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"product_id": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.33.0-6.el8_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"product": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"product_id": "libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.33.0-6.el8_10.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"product": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"product_id": "libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"product": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"product_id": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.33.0-6.el8_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"product": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"product_id": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.33.0-6.el8_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"product": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"product_id": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.33.0-6.el8_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"product": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"product_id": "libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.33.0-6.el8_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"product": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"product_id": "nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"product": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"product_id": "libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"product": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"product_id": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.33.0-6.el8_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"product": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"product_id": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.33.0-6.el8_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"product": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"product_id": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.33.0-6.el8_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"product": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"product_id": "libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.33.0-6.el8_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.33.0-6.el8_10.2.s390x",
"product": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.s390x",
"product_id": "nghttp2-0:1.33.0-6.el8_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nghttp2-0:1.33.0-6.el8_10.2.src",
"product": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.src",
"product_id": "nghttp2-0:1.33.0-6.el8_10.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.33.0-6.el8_10.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "libnghttp2-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.src"
},
"product_reference": "nghttp2-0:1.33.0-6.el8_10.2.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "nghttp2-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.src",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:25:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.src",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.src",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:libnghttp2-devel-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debuginfo-0:1.33.0-6.el8_10.2.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.i686",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.s390x",
"CRB-8.10.0.Z.MAIN.EUS:nghttp2-debugsource-0:1.33.0-6.el8_10.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
RHSA-2026:7668
Vulnerability from csaf_redhat - Published: 2026-04-13 02:37 - Updated: 2026-06-30 04:29A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nghttp2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.\n\nSecurity Fix(es):\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7668",
"url": "https://access.redhat.com/errata/RHSA-2026:7668"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7668.json"
}
],
"title": "Red Hat Security Advisory: nghttp2 security update",
"tracking": {
"current_release_date": "2026-06-30T04:29:21+00:00",
"generator": {
"date": "2026-06-30T04:29:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:7668",
"initial_release_date": "2026-04-13T02:37:51+00:00",
"revision_history": [
{
"date": "2026-04-13T02:37:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:37:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:29:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"product": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"product_id": "libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"product": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"product_id": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.43.0-6.el9_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"product": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"product_id": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.43.0-6.el9_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"product": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"product_id": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.43.0-6.el9_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"product": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"product_id": "libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.43.0-6.el9_7.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.43.0-6.el9_7.1.s390x",
"product": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.s390x",
"product_id": "nghttp2-0:1.43.0-6.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"product": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"product_id": "libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9_7.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"product": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"product_id": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.43.0-6.el9_7.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"product": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"product_id": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.43.0-6.el9_7.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"product": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"product_id": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.43.0-6.el9_7.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"product": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"product_id": "libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.43.0-6.el9_7.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"product": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"product_id": "nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"product": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"product_id": "libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9_7.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"product": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"product_id": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.43.0-6.el9_7.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"product": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"product_id": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.43.0-6.el9_7.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"product": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"product_id": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.43.0-6.el9_7.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"product": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"product_id": "libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.43.0-6.el9_7.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"product": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"product_id": "nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.43.0-6.el9_7.1.i686",
"product": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.i686",
"product_id": "libnghttp2-0:1.43.0-6.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"product": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"product_id": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.43.0-6.el9_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"product": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"product_id": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.43.0-6.el9_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"product": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"product_id": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.43.0-6.el9_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"product": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"product_id": "libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.43.0-6.el9_7.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"product": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"product_id": "libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2@1.43.0-6.el9_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"product": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"product_id": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debugsource@1.43.0-6.el9_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"product": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"product_id": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-debuginfo@1.43.0-6.el9_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"product": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"product_id": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2-debuginfo@1.43.0-6.el9_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"product": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"product_id": "libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libnghttp2-devel@1.43.0-6.el9_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"product": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"product_id": "nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nghttp2-0:1.43.0-6.el9_7.1.src",
"product": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.src",
"product_id": "nghttp2-0:1.43.0-6.el9_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nghttp2@1.43.0-6.el9_7.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "libnghttp2-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.src"
},
"product_reference": "nghttp2-0:1.43.0-6.el9_7.1.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "nghttp2-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64"
},
"product_reference": "nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"relates_to_product_reference": "CRB-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:37:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7668"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:libnghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:libnghttp2-devel-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-debuginfo-0:1.43.0-6.el9_7.1.x86_64",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.aarch64",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.i686",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.ppc64le",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.s390x",
"CRB-9.7.0.Z.MAIN:nghttp2-debugsource-0:1.43.0-6.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.