Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-48618 (GCVE-0-2026-48618)
Vulnerability from cvelistv5 – Published: 2026-06-26 01:14 – Updated: 2026-06-26 15:10- CWE-176 - Improper Handling of Unicode Encoding
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T15:10:27.583362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:10:40.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "node",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "22.22.3",
"status": "affected",
"version": "22.22.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.16.0",
"status": "affected",
"version": "24.16.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "26.3.0",
"status": "affected",
"version": "26.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176 Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T01:14:36.868Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-48618",
"datePublished": "2026-06-26T01:14:36.868Z",
"dateReserved": "2026-05-22T15:00:09.276Z",
"dateUpdated": "2026-06-26T15:10:40.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-48618",
"date": "2026-07-09",
"epss": "0.00674",
"percentile": "0.47792"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-48618\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2026-06-26T02:16:52.397\",\"lastModified\":\"2026-06-26T20:18:43.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\\r\\n\\r\\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\\r\\n\\r\\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.\"}],\"affected\":[{\"source\":\"support@hackerone.com\",\"affectedData\":[{\"vendor\":\"nodejs\",\"product\":\"node\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"22.22.3\",\"lessThanOrEqual\":\"22.22.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"24.16.0\",\"lessThanOrEqual\":\"24.16.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"26.3.0\",\"lessThanOrEqual\":\"26.3.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-26T15:10:27.583362Z\",\"id\":\"CVE-2026-48618\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-176\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"3C0C5080-5F99-4651-9855-2DE03C9070C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"3B912C84-1AA5-4D74-AB1A-64162C80A33B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"8152ACE6-3CAF-4CA0-8B19-D4753811EB44\"}]}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-06T19:05:04+00:00",
"cve": "CVE-2026-48618",
"id": "CVE-2026-48618",
"initial_release_date": "2026-06-26T01:14:36.868000+00:00",
"product_status:fixed": "172",
"product_status:known_affected": "28",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48618.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48618\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-26T15:10:27.583362Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-26T15:10:33.683Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"node\", \"versions\": [{\"status\": \"affected\", \"version\": \"22.22.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"22.22.3\"}, {\"status\": \"affected\", \"version\": \"24.16.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"24.16.0\"}, {\"status\": \"affected\", \"version\": \"26.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"26.3.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\\r\\n\\r\\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\\r\\n\\r\\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-176\", \"description\": \"CWE-176 Improper Handling of Unicode Encoding\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2026-06-26T01:14:36.868Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-48618\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-26T15:10:40.049Z\", \"dateReserved\": \"2026-05-22T15:00:09.276Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2026-06-26T01:14:36.868Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:29012
Vulnerability from csaf_redhat - Published: 2026-06-24 11:59 - Updated: 2026-07-06 19:35A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs24-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnodejs24:\n * nodejs24-24.18.0-0.1.hum1 (aarch64, x86_64)\n * nodejs24-bin-24.18.0-0.1.hum1 (noarch)\n * nodejs24-devel-24.18.0-0.1.hum1 (aarch64, x86_64)\n * nodejs24-docs-24.18.0-0.1.hum1 (noarch)\n * nodejs24-full-i18n-24.18.0-0.1.hum1 (aarch64, x86_64)\n * nodejs24-libs-24.18.0-0.1.hum1 (aarch64, x86_64)\n * nodejs24-npm-11.16.0-1.24.18.0.0.1.hum1 (noarch)\n * nodejs24-npm-bin-24.18.0-0.1.hum1 (noarch)\n * v8-13.6-devel-13.6.233.17-1.24.18.0.0.1.hum1 (aarch64, x86_64)\n * nodejs24-24.18.0-0.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29012",
"url": "https://access.redhat.com/errata/RHSA-2026:29012"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48618",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48933",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48615",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29012.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-06T19:35:42+00:00",
"generator": {
"date": "2026-07-06T19:35:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:29012",
"initial_release_date": "2026-06-24T11:59:42+00:00",
"revision_history": [
{
"date": "2026-06-24T11:59:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-27T00:14:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-06T19:35:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-main@aarch64",
"product": {
"name": "nodejs24-main@aarch64",
"product_id": "nodejs24-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-main@src",
"product": {
"name": "nodejs24-main@src",
"product_id": "nodejs24-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-main@x86_64",
"product": {
"name": "nodejs24-main@x86_64",
"product_id": "nodejs24-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-main@noarch",
"product": {
"name": "nodejs24-main@noarch",
"product_id": "nodejs24-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-bin@24.18.0-0.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs24-main@aarch64"
},
"product_reference": "nodejs24-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs24-main@noarch"
},
"product_reference": "nodejs24-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs24-main@src"
},
"product_reference": "nodejs24-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs24-main@x86_64"
},
"product_reference": "nodejs24-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T11:59:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29012"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T11:59:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29012"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T11:59:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29012"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs24-main@aarch64",
"Red Hat Hardened Images:nodejs24-main@noarch",
"Red Hat Hardened Images:nodejs24-main@src",
"Red Hat Hardened Images:nodejs24-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
}
]
}
RHSA-2026:30172
Vulnerability from csaf_redhat - Published: 2026-06-25 23:04 - Updated: 2026-07-06 19:35A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnodejs26:\n * nodejs26-26.4.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-bin-26.4.0-1.2.hum1 (noarch)\n * nodejs26-devel-26.4.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-docs-26.4.0-1.2.hum1 (noarch)\n * nodejs26-full-i18n-26.4.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-libs-26.4.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-npm-11.17.0-1.26.4.0.1.2.hum1 (noarch)\n * nodejs26-npm-bin-26.4.0-1.2.hum1 (noarch)\n * v8-14.6-devel-14.6.202.34-1.26.4.0.1.2.hum1 (aarch64, x86_64)\n * nodejs26-26.4.0-1.2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:30172",
"url": "https://access.redhat.com/errata/RHSA-2026:30172"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48618",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48933",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48615",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30172.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-06T19:35:42+00:00",
"generator": {
"date": "2026-07-06T19:35:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:30172",
"initial_release_date": "2026-06-25T23:04:13+00:00",
"revision_history": [
{
"date": "2026-06-25T23:04:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-27T00:14:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-06T19:35:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@aarch64",
"product": {
"name": "nodejs26-main@aarch64",
"product_id": "nodejs26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26@26.4.0-1.2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@src",
"product": {
"name": "nodejs26-main@src",
"product_id": "nodejs26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26@26.4.0-1.2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@x86_64",
"product": {
"name": "nodejs26-main@x86_64",
"product_id": "nodejs26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26@26.4.0-1.2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@noarch",
"product": {
"name": "nodejs26-main@noarch",
"product_id": "nodejs26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26-bin@26.4.0-1.2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@aarch64"
},
"product_reference": "nodejs26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@noarch"
},
"product_reference": "nodejs26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@src"
},
"product_reference": "nodejs26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@x86_64"
},
"product_reference": "nodejs26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T23:04:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30172"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T23:04:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30172"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T23:04:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30172"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
}
]
}
RHSA-2026:35841
Vulnerability from csaf_redhat - Published: 2026-07-06 04:52 - Updated: 2026-07-09 13:21A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs24 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs24: Rebase to the latest Node.js 24 release [rhel-10.2.z] (JIRA:RHEL-186582)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35841",
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186582",
"url": "https://issues.redhat.com/browse/RHEL-186582"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35841.json"
}
],
"title": "Red Hat Security Advisory: nodejs24 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-09T13:21:41+00:00",
"generator": {
"date": "2026-07-09T13:21:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35841",
"initial_release_date": "2026-07-06T04:52:46+00:00",
"revision_history": [
{
"date": "2026-07-06T04:52:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T04:52:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.src",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.src",
"product_id": "nodejs24-1:24.18.0-1.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"product": {
"name": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"product_id": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-docs@24.18.0-1.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"product": {
"name": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"product_id": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-npm@11.16.0-1.24.18.0.1.el10_2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-1:24.18.0-1.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch"
},
"product_reference": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
},
"product_reference": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:35842
Vulnerability from csaf_redhat - Published: 2026-07-06 05:32 - Updated: 2026-07-08 23:16A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs22 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime \\ for easily building fast, scalable network applications. \\ Node.js uses an event-driven, non-blocking I/O model that \\ makes it lightweight and efficient, perfect for data-intensive \\ real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs22: Rebase to the latest Node.js 22 release [rhel-10.2.z] (JIRA:RHEL-186623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35842",
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186623",
"url": "https://issues.redhat.com/browse/RHEL-186623"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35842.json"
}
],
"title": "Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T23:16:04+00:00",
"generator": {
"date": "2026-07-08T23:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:35842",
"initial_release_date": "2026-07-06T05:32:31+00:00",
"revision_history": [
{
"date": "2026-07-06T05:32:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T05:32:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"product": {
"name": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"product_id": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.23.1-2.el10_2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-1:22.23.1-2.el10_2.src",
"product": {
"name": "nodejs22-1:22.23.1-2.el10_2.src",
"product_id": "nodejs22-1:22.23.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.23.1-2.el10_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.23.1-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch"
},
"product_reference": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-1:22.23.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src"
},
"product_reference": "nodejs22-1:22.23.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:35891
Vulnerability from csaf_redhat - Published: 2026-07-06 14:47 - Updated: 2026-07-09 13:21A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:24/nodejs: Rebase to the latest Node.js 24 release [rhel-9.8.z] (JIRA:RHEL-186580)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35891",
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186580",
"url": "https://issues.redhat.com/browse/RHEL-186580"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35891.json"
}
],
"title": "Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-09T13:21:41+00:00",
"generator": {
"date": "2026-07-09T13:21:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35891",
"initial_release_date": "2026-07-06T14:47:52+00:00",
"revision_history": [
{
"date": "2026-07-06T14:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T14:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=src\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.8.0%2B24355%2B35d95b59?arch=src\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=src\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product": {
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24)",
"product_id": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product": {
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24)",
"product_id": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@11.16.0-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24"
},
"product_reference": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24"
},
"product_reference": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:35892
Vulnerability from csaf_redhat - Published: 2026-07-06 15:07 - Updated: 2026-07-08 23:16A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:22/nodejs: Rebase to the latest Node.js 22 release [rhel-9.8.z] (JIRA:RHEL-186622)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35892",
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186622",
"url": "https://issues.redhat.com/browse/RHEL-186622"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35892.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T23:16:04+00:00",
"generator": {
"date": "2026-07-08T23:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:35892",
"initial_release_date": "2026-07-06T15:07:52+00:00",
"revision_history": [
{
"date": "2026-07-06T15:07:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T15:07:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=src\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=src\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=noarch\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=noarch\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=noarch\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:7378
Vulnerability from csaf_redhat - Published: 2026-04-10 13:03 - Updated: 2026-07-09 13:21A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact.
CWE-648 - Incorrect Use of Privileged APIs| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7378",
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59464",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55132",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55131",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55130",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9675",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9678",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48618",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48933",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48615",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48936",
"url": "https://access.redhat.com/security/cve/CVE-2026-48936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48934",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48928",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48930",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48619",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48935",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59870",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59868",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7378.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-09T13:21:42+00:00",
"generator": {
"date": "2026-07-09T13:21:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:7378",
"initial_release_date": "2026-04-10T13:03:00+00:00",
"revision_history": [
{
"date": "2026-04-10T13:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T05:11:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@aarch64",
"product": {
"name": "nodejs25-main@aarch64",
"product_id": "nodejs25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@src",
"product": {
"name": "nodejs25-main@src",
"product_id": "nodejs25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@x86_64",
"product": {
"name": "nodejs25-main@x86_64",
"product_id": "nodejs25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@noarch",
"product": {
"name": "nodejs25-main@noarch",
"product_id": "nodejs25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25-bin@25.9.0-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@aarch64"
},
"product_reference": "nodejs25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@noarch"
},
"product_reference": "nodejs25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@src"
},
"product_reference": "nodejs25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@x86_64"
},
"product_reference": "nodejs25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55130",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:03:01.083023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431352"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js\u2019s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs file permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "RHBZ#2431352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.393000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs file permissions bypass"
},
{
"cve": "CVE-2025-55131",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-01-20T21:02:45.759578+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431350"
}
],
"notes": [
{
"category": "description",
"text": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js\u0027s buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs uninitialized memory exposure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "RHBZ#2431350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.591000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs uninitialized memory exposure"
},
{
"cve": "CVE-2025-55132",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:01:12.192484+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431338"
}
],
"notes": [
{
"category": "description",
"text": "A file access flaw has been discovered in NodeJS. A file\u0027s access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs filesystem permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "RHBZ#2431338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.620000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs filesystem permissions bypass"
},
{
"cve": "CVE-2025-59464",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-20T21:01:52.581156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431344"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js\u2019s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "RHBZ#2431344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.599000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs memory leak"
},
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9675",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-06-17T17:01:41.811903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated Moderate by Red Hat (CVSS 5.9) because successful exploitation requires the undici WebSocket client to connect to an attacker-controlled server (AC:H), which is unlikely in typical Red Hat product deployments where WebSocket endpoints are trusted internal services. No Red Hat product is affected \u2014 all streams shipping undici bundle versions 5.x through 7.x, which are outside the vulnerable range of 8.0.0 to 8.4.x. The vulnerable code path (unbounded WebSocket frame accumulation) was introduced in undici 8.0.0 and is not present in earlier major versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "RHBZ#2489979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq"
}
],
"release_date": "2026-06-17T16:20:32.548000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Red Hat products that bundle the undici HTTP client ship versions 5.x, 6.x, and 7.x, which do not contain the vulnerable WebSocket frame accumulation code path introduced in undici 8.0.0. No Red Hat product streams are affected by this vulnerability. Users who have manually installed undici 8.x outside of Red Hat-provided packages should upgrade to undici 8.5.0 or later to fully resolve this issue.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship brace-expansion versions 1.x and 2.x, which are not affected by this vulnerability. The flaw exists only in versions 5.0.0 through 5.0.5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
},
{
"cve": "CVE-2026-48936",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2026-06-26T02:02:04.921691+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Local server can be started without network permission via Permission API flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48936"
},
{
"category": "external",
"summary": "RHBZ#2493336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48936"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.878000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Local server can be started without network permission via Permission API flaw"
}
]
}
RHSA-2026:9455
Vulnerability from csaf_redhat - Published: 2026-04-21 17:31 - Updated: 2026-07-09 05:46A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact.
CWE-648 - Incorrect Use of Privileged APIs| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnodejs20:\n * nodejs20-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-bin-20.20.2-1.hum1 (noarch)\n * nodejs20-devel-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-docs-20.20.2-1.hum1 (noarch)\n * nodejs20-full-i18n-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-libs-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-npm-10.8.2-1.20.20.2.1.hum1 (noarch)\n * nodejs20-npm-bin-20.20.2-1.hum1 (noarch)\n * v8-11.3-devel-11.3.244.8-1.20.20.2.1.hum1 (aarch64, x86_64)\n * nodejs20-20.20.2-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9455",
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-8723",
"url": "https://access.redhat.com/security/cve/CVE-2026-8723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48618",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48933",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48615",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48936",
"url": "https://access.redhat.com/security/cve/CVE-2026-48936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48934",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48928",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48930",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48619",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48935",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59870",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59868",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9455.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-09T05:46:00+00:00",
"generator": {
"date": "2026-07-09T05:46:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:9455",
"initial_release_date": "2026-04-21T17:31:07+00:00",
"revision_history": [
{
"date": "2026-04-21T17:31:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T05:11:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T05:46:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@aarch64",
"product": {
"name": "nodejs20-main@aarch64",
"product_id": "nodejs20-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20@20.20.2-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@src",
"product": {
"name": "nodejs20-main@src",
"product_id": "nodejs20-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20@20.20.2-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@x86_64",
"product": {
"name": "nodejs20-main@x86_64",
"product_id": "nodejs20-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20@20.20.2-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@noarch",
"product": {
"name": "nodejs20-main@noarch",
"product_id": "nodejs20-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20-bin@20.20.2-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@aarch64"
},
"product_reference": "nodejs20-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@noarch"
},
"product_reference": "nodejs20-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@src"
},
"product_reference": "nodejs20-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@x86_64"
},
"product_reference": "nodejs20-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship brace-expansion versions 1.x and 2.x, which are not affected by this vulnerability. The flaw exists only in versions 5.0.0 through 5.0.5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
},
{
"cve": "CVE-2026-48936",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2026-06-26T02:02:04.921691+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Local server can be started without network permission via Permission API flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48936"
},
{
"category": "external",
"summary": "RHBZ#2493336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48936"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.878000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Local server can be started without network permission via Permission API flaw"
}
]
}
SUSE-SU-2026:22368-1
Vulnerability from csaf_suse - Published: 2026-06-25 12:57 - Updated: 2026-06-25 12:57| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues\n\nUpdate to 22.23.0:\n\n- CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response\n delivery (bsc#1268479).\n- CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec`\n value can lead to DoS (bsc#1266318).\n- CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).\n- CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header\n (bsc#1268481).\n- CVE-2026-12151: undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (bsc#1268482).\n- CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths\n and can cause a denial of service (bsc#1256576).\n- CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455).\n- CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463).\n- CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).\n- CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).\n- CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462).\n- CVE-2026-21717: crafted request can lead to hash collisions trivially predictable (bsc#1260494).\n- CVE-2026-27135: nghttp2: assertion failure due to missing state validation can lead to DoS (bsc#1259853).\n- CVE-2026-40170: ngtcp2: qlog parameters_set stack buffer overflow (bsc#1262274).\n- CVE-2026-42338: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (bsc#1268097).\n- CVE-2026-48615: Proxy credentials leaked in ERR_PROXY_TUNNEL error message (bsc#1268598).\n- CVE-2026-48617: permission model enforcement bypass via `process.report.writeReport()` path misvalidation\n (bsc#1268554).\n- CVE-2026-48618: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to\n resolver and verifier hostname normalization mismatch (bsc#1268593).\n- CVE-2026-48619: Unbounded memory growth in node:http2 clients via attacker-controlled ORIGIN frames (bsc#1268618).\n- CVE-2026-48928: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname\n matching (bsc#1268605).\n- CVE-2026-48930: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver\n bindings (bsc#1268606).\n- CVE-2026-48931: HTTP Response Queue Poisoning via TOCTOU Race Condition in http.Agent (bsc#1268611).\n- CVE-2026-48933: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (bsc#1268592).\n- CVE-2026-48934: TLS host identity verification bypass via session reuse with different servername leads to\n unauthorized connections (bsc#1268608).\n- CVE-2026-48935: Permission Model bypass via FileHandle.utimes() in the promises API (bsc#1268609).\n- CVE-2026-48937: servers keep accepting data even after sending a `GOAWAY` frame (bsc#1268555).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22368-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22368-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622368-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22368-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047771.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1259853",
"url": "https://bugzilla.suse.com/1259853"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE Bug 1262274",
"url": "https://bugzilla.suse.com/1262274"
},
{
"category": "self",
"summary": "SUSE Bug 1266318",
"url": "https://bugzilla.suse.com/1266318"
},
{
"category": "self",
"summary": "SUSE Bug 1268097",
"url": "https://bugzilla.suse.com/1268097"
},
{
"category": "self",
"summary": "SUSE Bug 1268477",
"url": "https://bugzilla.suse.com/1268477"
},
{
"category": "self",
"summary": "SUSE Bug 1268479",
"url": "https://bugzilla.suse.com/1268479"
},
{
"category": "self",
"summary": "SUSE Bug 1268481",
"url": "https://bugzilla.suse.com/1268481"
},
{
"category": "self",
"summary": "SUSE Bug 1268482",
"url": "https://bugzilla.suse.com/1268482"
},
{
"category": "self",
"summary": "SUSE Bug 1268554",
"url": "https://bugzilla.suse.com/1268554"
},
{
"category": "self",
"summary": "SUSE Bug 1268555",
"url": "https://bugzilla.suse.com/1268555"
},
{
"category": "self",
"summary": "SUSE Bug 1268592",
"url": "https://bugzilla.suse.com/1268592"
},
{
"category": "self",
"summary": "SUSE Bug 1268593",
"url": "https://bugzilla.suse.com/1268593"
},
{
"category": "self",
"summary": "SUSE Bug 1268598",
"url": "https://bugzilla.suse.com/1268598"
},
{
"category": "self",
"summary": "SUSE Bug 1268605",
"url": "https://bugzilla.suse.com/1268605"
},
{
"category": "self",
"summary": "SUSE Bug 1268606",
"url": "https://bugzilla.suse.com/1268606"
},
{
"category": "self",
"summary": "SUSE Bug 1268608",
"url": "https://bugzilla.suse.com/1268608"
},
{
"category": "self",
"summary": "SUSE Bug 1268609",
"url": "https://bugzilla.suse.com/1268609"
},
{
"category": "self",
"summary": "SUSE Bug 1268611",
"url": "https://bugzilla.suse.com/1268611"
},
{
"category": "self",
"summary": "SUSE Bug 1268618",
"url": "https://bugzilla.suse.com/1268618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-11525 page",
"url": "https://www.suse.com/security/cve/CVE-2026-11525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-12151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-12151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42338 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48935 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9496 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9679 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9679/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-06-25T12:57:12Z",
"generator": {
"date": "2026-06-25T12:57:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22368-1",
"initial_release_date": "2026-06-25T12:57:12Z",
"revision_history": [
{
"date": "2026-06-25T12:57:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "corepack22-22.23.0-160000.1.1.aarch64",
"product_id": "corepack22-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64",
"product_id": "nodejs22-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "npm22-22.23.0-160000.1.1.aarch64",
"product_id": "npm22-22.23.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"product": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"product_id": "nodejs22-docs-22.23.0-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le",
"product_id": "corepack22-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le",
"product_id": "nodejs22-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "npm22-22.23.0-160000.1.1.ppc64le",
"product_id": "npm22-22.23.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.s390x",
"product": {
"name": "corepack22-22.23.0-160000.1.1.s390x",
"product_id": "corepack22-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.s390x",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.s390x",
"product_id": "nodejs22-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.s390x",
"product": {
"name": "npm22-22.23.0-160000.1.1.s390x",
"product_id": "npm22-22.23.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "corepack22-22.23.0-160000.1.1.x86_64",
"product_id": "corepack22-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64",
"product_id": "nodejs22-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "npm22-22.23.0-160000.1.1.x86_64",
"product_id": "npm22-22.23.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "corepack22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x"
},
"product_reference": "corepack22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "npm22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "npm22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x"
},
"product_reference": "npm22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "npm22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "corepack22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x"
},
"product_reference": "corepack22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "npm22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "npm22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x"
},
"product_reference": "npm22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "npm22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-11525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-11525"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici\u0027s fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer\u0027s view of a cookie\u0027s SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of \u0027Strict\u0027, \u0027Lax\u0027, or \u0027None\u0027 (exact, case-insensitive) before forwarding or relying on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-11525",
"url": "https://www.suse.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "SUSE Bug 1268481 for CVE-2026-11525",
"url": "https://bugzilla.suse.com/1268481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-11525"
},
{
"cve": "CVE-2026-12151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-12151"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-12151",
"url": "https://www.suse.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "SUSE Bug 1268482 for CVE-2026-12151",
"url": "https://bugzilla.suse.com/1268482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-12151"
},
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
},
{
"cve": "CVE-2026-27135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27135"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27135",
"url": "https://www.suse.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "SUSE Bug 1259835 for CVE-2026-27135",
"url": "https://bugzilla.suse.com/1259835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-27135"
},
{
"cve": "CVE-2026-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40170"
}
],
"notes": [
{
"category": "general",
"text": "ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40170",
"url": "https://www.suse.com/security/cve/CVE-2026-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1262273 for CVE-2026-40170",
"url": "https://bugzilla.suse.com/1262273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-40170"
},
{
"cve": "CVE-2026-42338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42338"
}
],
"notes": [
{
"category": "general",
"text": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42338",
"url": "https://www.suse.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "SUSE Bug 1268097 for CVE-2026-42338",
"url": "https://bugzilla.suse.com/1268097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-42338"
},
{
"cve": "CVE-2026-48615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48615"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48615",
"url": "https://www.suse.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "SUSE Bug 1268598 for CVE-2026-48615",
"url": "https://bugzilla.suse.com/1268598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48615"
},
{
"cve": "CVE-2026-48617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48617",
"url": "https://www.suse.com/security/cve/CVE-2026-48617"
},
{
"category": "external",
"summary": "SUSE Bug 1268554 for CVE-2026-48617",
"url": "https://bugzilla.suse.com/1268554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48617"
},
{
"cve": "CVE-2026-48618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48618"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48618",
"url": "https://www.suse.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "SUSE Bug 1268593 for CVE-2026-48618",
"url": "https://bugzilla.suse.com/1268593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48618"
},
{
"cve": "CVE-2026-48619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48619"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48619",
"url": "https://www.suse.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "SUSE Bug 1268618 for CVE-2026-48619",
"url": "https://bugzilla.suse.com/1268618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48619"
},
{
"cve": "CVE-2026-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48928"
}
],
"notes": [
{
"category": "general",
"text": "A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48928",
"url": "https://www.suse.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1268605 for CVE-2026-48928",
"url": "https://bugzilla.suse.com/1268605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48928"
},
{
"cve": "CVE-2026-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48930",
"url": "https://www.suse.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1268606 for CVE-2026-48930",
"url": "https://bugzilla.suse.com/1268606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48930"
},
{
"cve": "CVE-2026-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48931"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48931",
"url": "https://www.suse.com/security/cve/CVE-2026-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1268611 for CVE-2026-48931",
"url": "https://bugzilla.suse.com/1268611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-48931"
},
{
"cve": "CVE-2026-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48933"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48933",
"url": "https://www.suse.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1268592 for CVE-2026-48933",
"url": "https://bugzilla.suse.com/1268592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48933"
},
{
"cve": "CVE-2026-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48934"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48934",
"url": "https://www.suse.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1268608 for CVE-2026-48934",
"url": "https://bugzilla.suse.com/1268608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48934"
},
{
"cve": "CVE-2026-48935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48935",
"url": "https://www.suse.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "SUSE Bug 1268609 for CVE-2026-48935",
"url": "https://bugzilla.suse.com/1268609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48935"
},
{
"cve": "CVE-2026-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48937"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48937",
"url": "https://www.suse.com/security/cve/CVE-2026-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1268555 for CVE-2026-48937",
"url": "https://bugzilla.suse.com/1268555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48937"
},
{
"cve": "CVE-2026-6733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6733"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.\n\nThis requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nDisable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6733",
"url": "https://www.suse.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "SUSE Bug 1268479 for CVE-2026-6733",
"url": "https://bugzilla.suse.com/1268479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-6733"
},
{
"cve": "CVE-2026-9496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9496"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function\u0027s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9496",
"url": "https://www.suse.com/security/cve/CVE-2026-9496"
},
{
"category": "external",
"summary": "SUSE Bug 1266318 for CVE-2026-9496",
"url": "https://bugzilla.suse.com/1266318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-9496"
},
{
"cve": "CVE-2026-9679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9679"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nundici\u0027s cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application\u0027s downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici\u0027s cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9679",
"url": "https://www.suse.com/security/cve/CVE-2026-9679"
},
{
"category": "external",
"summary": "SUSE Bug 1268477 for CVE-2026-9679",
"url": "https://bugzilla.suse.com/1268477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-9679"
}
]
}
SUSE-SU-2026:2647-1
Vulnerability from csaf_suse - Published: 2026-06-26 10:34 - Updated: 2026-06-26 10:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues\n\nUpdate to 22.23.0:\n\n- CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response\n delivery (bsc#1268479).\n- CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec`\n value can lead to DoS (bsc#1266318).\n- CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).\n- CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header\n (bsc#1268481).\n- CVE-2026-12151: undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (bsc#1268482).\n- CVE-2026-27135: nghttp2: assertion failure due to missing state validation can lead to DoS (bsc#1259853).\n- CVE-2026-40170: ngtcp2: qlog parameters_set stack buffer overflow (bsc#1262274).\n- CVE-2026-42338: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (bsc#1268097).\n- CVE-2026-48615: Proxy credentials leaked in ERR_PROXY_TUNNEL error message (bsc#1268598).\n- CVE-2026-48617: permission model enforcement bypass via `process.report.writeReport()` path misvalidation\n (bsc#1268554).\n- CVE-2026-48618: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to\n resolver and verifier hostname normalization mismatch (bsc#1268593).\n- CVE-2026-48619: Unbounded memory growth in node:http2 clients via attacker-controlled ORIGIN frames (bsc#1268618).\n- CVE-2026-48928: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname\n matching (bsc#1268605).\n- CVE-2026-48930: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver\n bindings (bsc#1268606).\n- CVE-2026-48931: HTTP Response Queue Poisoning via TOCTOU Race Condition in http.Agent (bsc#1268611).\n- CVE-2026-48933: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (bsc#1268592).\n- CVE-2026-48934: TLS host identity verification bypass via session reuse with different servername leads to\n unauthorized connections (bsc#1268608).\n- CVE-2026-48935: Permission Model bypass via FileHandle.utimes() in the promises API (bsc#1268609).\n- CVE-2026-48937: servers keep accepting data even after sending a `GOAWAY` frame (bsc#1268555).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2647,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2647,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2647",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2647-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2647-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262647-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2647-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047643.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259853",
"url": "https://bugzilla.suse.com/1259853"
},
{
"category": "self",
"summary": "SUSE Bug 1262274",
"url": "https://bugzilla.suse.com/1262274"
},
{
"category": "self",
"summary": "SUSE Bug 1266318",
"url": "https://bugzilla.suse.com/1266318"
},
{
"category": "self",
"summary": "SUSE Bug 1268097",
"url": "https://bugzilla.suse.com/1268097"
},
{
"category": "self",
"summary": "SUSE Bug 1268477",
"url": "https://bugzilla.suse.com/1268477"
},
{
"category": "self",
"summary": "SUSE Bug 1268479",
"url": "https://bugzilla.suse.com/1268479"
},
{
"category": "self",
"summary": "SUSE Bug 1268481",
"url": "https://bugzilla.suse.com/1268481"
},
{
"category": "self",
"summary": "SUSE Bug 1268482",
"url": "https://bugzilla.suse.com/1268482"
},
{
"category": "self",
"summary": "SUSE Bug 1268554",
"url": "https://bugzilla.suse.com/1268554"
},
{
"category": "self",
"summary": "SUSE Bug 1268555",
"url": "https://bugzilla.suse.com/1268555"
},
{
"category": "self",
"summary": "SUSE Bug 1268592",
"url": "https://bugzilla.suse.com/1268592"
},
{
"category": "self",
"summary": "SUSE Bug 1268593",
"url": "https://bugzilla.suse.com/1268593"
},
{
"category": "self",
"summary": "SUSE Bug 1268598",
"url": "https://bugzilla.suse.com/1268598"
},
{
"category": "self",
"summary": "SUSE Bug 1268605",
"url": "https://bugzilla.suse.com/1268605"
},
{
"category": "self",
"summary": "SUSE Bug 1268606",
"url": "https://bugzilla.suse.com/1268606"
},
{
"category": "self",
"summary": "SUSE Bug 1268608",
"url": "https://bugzilla.suse.com/1268608"
},
{
"category": "self",
"summary": "SUSE Bug 1268609",
"url": "https://bugzilla.suse.com/1268609"
},
{
"category": "self",
"summary": "SUSE Bug 1268611",
"url": "https://bugzilla.suse.com/1268611"
},
{
"category": "self",
"summary": "SUSE Bug 1268618",
"url": "https://bugzilla.suse.com/1268618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-11525 page",
"url": "https://www.suse.com/security/cve/CVE-2026-11525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-12151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-12151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42338 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48935 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9496 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9679 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9679/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-06-26T10:34:05Z",
"generator": {
"date": "2026-06-26T10:34:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2647-1",
"initial_release_date": "2026-06-26T10:34:05Z",
"revision_history": [
{
"date": "2026-06-26T10:34:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.aarch64",
"product_id": "corepack22-22.23.0-150600.13.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"product_id": "nodejs22-22.23.0-150600.13.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.aarch64",
"product_id": "npm22-22.23.0-150600.13.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.i586",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.i586",
"product_id": "corepack22-22.23.0-150600.13.18.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.i586",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.i586",
"product_id": "nodejs22-22.23.0-150600.13.18.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.i586",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.i586",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.i586"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.i586",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.i586",
"product_id": "npm22-22.23.0-150600.13.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"product": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"product_id": "nodejs22-docs-22.23.0-150600.13.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.ppc64le",
"product_id": "corepack22-22.23.0-150600.13.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"product_id": "nodejs22-22.23.0-150600.13.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le",
"product_id": "npm22-22.23.0-150600.13.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.s390x",
"product_id": "corepack22-22.23.0-150600.13.18.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.s390x",
"product_id": "nodejs22-22.23.0-150600.13.18.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.s390x",
"product_id": "npm22-22.23.0-150600.13.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.x86_64",
"product_id": "corepack22-22.23.0-150600.13.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"product_id": "nodejs22-22.23.0-150600.13.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64",
"product_id": "npm22-22.23.0-150600.13.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6",
"product_id": "SUSE Linux Enterprise Server 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-11525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-11525"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici\u0027s fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer\u0027s view of a cookie\u0027s SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of \u0027Strict\u0027, \u0027Lax\u0027, or \u0027None\u0027 (exact, case-insensitive) before forwarding or relying on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-11525",
"url": "https://www.suse.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "SUSE Bug 1268481 for CVE-2026-11525",
"url": "https://bugzilla.suse.com/1268481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "low"
}
],
"title": "CVE-2026-11525"
},
{
"cve": "CVE-2026-12151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-12151"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-12151",
"url": "https://www.suse.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "SUSE Bug 1268482 for CVE-2026-12151",
"url": "https://bugzilla.suse.com/1268482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-12151"
},
{
"cve": "CVE-2026-27135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27135"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27135",
"url": "https://www.suse.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "SUSE Bug 1259835 for CVE-2026-27135",
"url": "https://bugzilla.suse.com/1259835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-27135"
},
{
"cve": "CVE-2026-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40170"
}
],
"notes": [
{
"category": "general",
"text": "ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40170",
"url": "https://www.suse.com/security/cve/CVE-2026-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1262273 for CVE-2026-40170",
"url": "https://bugzilla.suse.com/1262273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-40170"
},
{
"cve": "CVE-2026-42338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42338"
}
],
"notes": [
{
"category": "general",
"text": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42338",
"url": "https://www.suse.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "SUSE Bug 1268097 for CVE-2026-42338",
"url": "https://bugzilla.suse.com/1268097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-42338"
},
{
"cve": "CVE-2026-48615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48615"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48615",
"url": "https://www.suse.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "SUSE Bug 1268598 for CVE-2026-48615",
"url": "https://bugzilla.suse.com/1268598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-48615"
},
{
"cve": "CVE-2026-48617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48617",
"url": "https://www.suse.com/security/cve/CVE-2026-48617"
},
{
"category": "external",
"summary": "SUSE Bug 1268554 for CVE-2026-48617",
"url": "https://bugzilla.suse.com/1268554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48617"
},
{
"cve": "CVE-2026-48618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48618"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48618",
"url": "https://www.suse.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "SUSE Bug 1268593 for CVE-2026-48618",
"url": "https://bugzilla.suse.com/1268593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-48618"
},
{
"cve": "CVE-2026-48619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48619"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48619",
"url": "https://www.suse.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "SUSE Bug 1268618 for CVE-2026-48619",
"url": "https://bugzilla.suse.com/1268618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48619"
},
{
"cve": "CVE-2026-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48928"
}
],
"notes": [
{
"category": "general",
"text": "A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48928",
"url": "https://www.suse.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1268605 for CVE-2026-48928",
"url": "https://bugzilla.suse.com/1268605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48928"
},
{
"cve": "CVE-2026-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48930",
"url": "https://www.suse.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1268606 for CVE-2026-48930",
"url": "https://bugzilla.suse.com/1268606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48930"
},
{
"cve": "CVE-2026-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48931"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48931",
"url": "https://www.suse.com/security/cve/CVE-2026-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1268611 for CVE-2026-48931",
"url": "https://bugzilla.suse.com/1268611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "low"
}
],
"title": "CVE-2026-48931"
},
{
"cve": "CVE-2026-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48933"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48933",
"url": "https://www.suse.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1268592 for CVE-2026-48933",
"url": "https://bugzilla.suse.com/1268592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-48933"
},
{
"cve": "CVE-2026-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48934"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48934",
"url": "https://www.suse.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1268608 for CVE-2026-48934",
"url": "https://bugzilla.suse.com/1268608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48934"
},
{
"cve": "CVE-2026-48935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48935",
"url": "https://www.suse.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "SUSE Bug 1268609 for CVE-2026-48935",
"url": "https://bugzilla.suse.com/1268609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48935"
},
{
"cve": "CVE-2026-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48937"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48937",
"url": "https://www.suse.com/security/cve/CVE-2026-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1268555 for CVE-2026-48937",
"url": "https://bugzilla.suse.com/1268555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48937"
},
{
"cve": "CVE-2026-6733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6733"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.\n\nThis requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nDisable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6733",
"url": "https://www.suse.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "SUSE Bug 1268479 for CVE-2026-6733",
"url": "https://bugzilla.suse.com/1268479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "low"
}
],
"title": "CVE-2026-6733"
},
{
"cve": "CVE-2026-9496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9496"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function\u0027s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9496",
"url": "https://www.suse.com/security/cve/CVE-2026-9496"
},
{
"category": "external",
"summary": "SUSE Bug 1266318 for CVE-2026-9496",
"url": "https://bugzilla.suse.com/1266318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-9496"
},
{
"cve": "CVE-2026-9679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9679"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nundici\u0027s cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application\u0027s downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici\u0027s cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9679",
"url": "https://www.suse.com/security/cve/CVE-2026-9679"
},
{
"category": "external",
"summary": "SUSE Bug 1268477 for CVE-2026-9679",
"url": "https://bugzilla.suse.com/1268477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-9679"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.