RHSA-2026:7310 Red Hat Security Advisory: nodejs22 security update
Bulletin has no description...
RHSA-2026:7302 Red Hat Security Advisory: nodejs:22 security update
Bulletin has no description...
RLSA-2026:7350 Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service (CVE-2026-21637); brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...
PT-2026-32006
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift AI odh-dashboard (affected versions not specified). Description: A flaw exists in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) that allows for the disclosure of Kubernetes Service Account tokens through a NodeJS...
nodejs:24 security update
nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 1:24.14.1-1 - Update to version 24.14.1 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fix BR for nodejs-npm nodejs-packaging 2021.06-6 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121581 2021.06-5 -...
nodejs:22 security update
nodejs 1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-152...
Important Photon OS Security Update - PHSA-2026-4.0-0995
Updates of 'libtiff', 'python3-pyasn1', 'python3-PyJWT', 'nodejs', 'rubygem-rdiscount', 'rubygem-activesupport' packages of Photon OS have been released...
CVE-2026-21710 affecting package nodejs for versions less than 20.14.0-15
CVE-2026-21710 affecting package nodejs for versions less than 20.14.0-15. A patched version of the package is available...
CVE-2026-21716 affecting package nodejs for versions less than 20.14.0-15
CVE-2026-21716 affecting package nodejs for versions less than 20.14.0-15. A patched version of the package is available...
CVE-2026-21714 affecting package nodejs for versions less than 20.14.0-15
CVE-2026-21714 affecting package nodejs for versions less than 20.14.0-15. A patched version of the package is available...
CVE-2026-21715 affecting package nodejs for versions less than 20.14.0-15
CVE-2026-21715 affecting package nodejs for versions less than 20.14.0-15. A patched version of the package is available...
CVE-2026-21713 affecting package nodejs for versions less than 20.14.0-15
CVE-2026-21713 affecting package nodejs for versions less than 20.14.0-15. A patched version of the package is available...
undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a...
Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions
A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...
Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing
A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a malformed Internationalized Domain Name (IDN) to the url.format function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. Thi...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate...
Important: Red Hat Security Advisory: nodejs:24 security update
An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Node.js: Node.js: Information disclosure via timing oracle in HMAC verification
A flaw was found in Node.js. The HMAC (Hash-based Message Authentication Code) verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurement...
CVE-2026-39983
Summary: CVE-2026-39983 affects the Node.js FTP client package basic-ftp prior to v5.2.1. The vulnerability arises from FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level APIs (cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), removeDir()). Th...
Important: Red Hat Security Advisory: nodejs22 security update
An update for nodejs22 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...