3 matches found
BIT-NODE-2026-48615
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...
PT-2026-50893
Name of the Vulnerable Software and Affected Versions Node.js versions 22.x through 26.3.0 Description A flaw in TLS hostname handling occurs when Node.js processes unicode dot separators, leading to a mismatch between resolver and verifier hostname normalization. This discrepancy can result in a...
Tuesday, March 24, 2026 Security Releases
Tuesday, March 24, 2026 Security Releases Security releases available Updates are now available for the 25.x, 24.x, 22.x, 20.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public vulnerabilities: undici 6.24.1, 7.24.4 o...