RHSA-2026:7302
Vulnerability from csaf_redhat - Published: 2026-04-09 13:04 - Updated: 2026-04-10 01:26Summary
Red Hat Security Advisory: nodejs:22 security update
Severity
Important
Notes
Topic: An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)
* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)
* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)
* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)
* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)
* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)
* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)
* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)
* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
7.3 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:7302
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)\n\n* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)\n\n* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)\n\n* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7302",
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7302.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2026-04-10T01:26:18+00:00",
"generator": {
"date": "2026-04-10T01:26:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:7302",
"initial_release_date": "2026-04-09T13:04:58+00:00",
"revision_history": [
{
"date": "2026-04-09T13:04:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T13:04:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-10T01:26:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=src\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=src\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=noarch\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.22.2-1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.7-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.22.2.1.module%2Bel9.7.0%2B24157%2B8ddb2461?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:9070020260401095228:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-21710",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-03-30T20:01:21.196629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453151"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "RHBZ#2453151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.558000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header"
},
{
"cve": "CVE-2026-25547",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-04T22:01:11.784120+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory resources. This can lead to a system crash, impacting the availability of the service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "RHBZ#2436942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25547"
},
{
"category": "external",
"summary": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"release_date": "2026-02-04T21:51:17.198000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27135",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-18T19:02:13.823002+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448754"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "RHBZ#2448754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27135"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1",
"url": "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1"
},
{
"category": "external",
"summary": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6",
"url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6"
}
],
"release_date": "2026-03-18T17:59:02.045000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:04:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-devel-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-docs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-libs-debuginfo-1:22.22.2-1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24157+8ddb2461.src::nodejs:22",
"AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24157+8ddb2461.noarch::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:npm-1:10.9.7-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.aarch64::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.ppc64le::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.s390x::nodejs:22",
"AppStream-9.7.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.22.2.1.module+el9.7.0+24157+8ddb2461.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…