Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1509-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

SUSE-SU-2026:1478-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

OESA-2026-1954 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

OESA-2026-1951 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1363-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1363-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1371-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

SUSE-SU-2026:1363-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to 24.14.1 CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. CVE-2026-21710: uncaught TypeError exception can cause a denial ...

SUSE-SU-2026:21181-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

Important: nodejs24

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

ALSA-2026:7670 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1576)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1576 advisory. A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs,...

RockyLinux 9 : nodejs:24 (RLSA-2026:7350)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7350 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

EUVD-2026-17174

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...

Updated nodejs packages fix security vulnerabilities

Incomplete fix for CVE-2026-21637: loadSNI in tlswrap.js lacks try/catch leading to Remote DoS. CVE-2026-21637 Denial of Service via proto header name in req.headersDistinct Uncaught TypeError crashes Node.js process. CVE-2026-21710 Timing side-channel in HMAC verification via memcmp in...

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...