CLSA-2026-1772617597

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLSA-2026-1772617597

Upstream

CVE-2023-39333

CVE-2025-22150

Published

2026-03-04T09:46:41Z

Modified

2026-05-27T11:17:56.496359536Z

Summary

nodejs: Fix of 2 CVEs

Details

CVE-2025-22150: fix issue where undici used Math.random() to choose boundary for multipart/form-data request, now uses secure random number generator
CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code
Run full Node.js tests in %check
Fix comment typo in spec

References

https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1772617597.html

Affected packages

TuxCare:AlmaLinux:9.6

nodejs

Package

Name: nodejs
Purl: pkg:rpm/tuxcare/nodejs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"

nodejs-devel

Package

Name: nodejs-devel
Purl: pkg:rpm/tuxcare/nodejs-devel?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"

nodejs-docs

Package

Name: nodejs-docs
Purl: pkg:rpm/tuxcare/nodejs-docs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"

nodejs-full-i18n

Package

Name: nodejs-full-i18n
Purl: pkg:rpm/tuxcare/nodejs-full-i18n?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"

nodejs-libs

Package

Name: nodejs-libs
Purl: pkg:rpm/tuxcare/nodejs-libs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"

npm

Package

Name: npm
Purl: pkg:rpm/tuxcare/npm?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.19.4_1.16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"

v8-devel

Package

Name: v8-devel
Purl: pkg:rpm/tuxcare/v8-devel?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772617597.json"