CLSA-2026-1777394614

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLSA-2026-1777394614

Upstream

CVE-2022-25883

CVE-2026-21710

CVE-2026-27135

Published

2026-04-28T16:43:39Z

Modified

2026-05-27T11:17:16.112214177Z

Summary

nodejs: Fix of 3 CVEs

Details

CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges
CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage
CVE-2026-27135: fix bundled nghttp2 IGN_ALL flag bypass that allowed attackers to ignore header validation and smuggle malformed HTTP/2 requests

References

https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2026-1777394614.html

Affected packages

TuxCare:AlmaLinux:9.2

nodejs

Package

Name: nodejs
Purl: pkg:rpm/tuxcare/nodejs?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"

nodejs-devel

Package

Name: nodejs-devel
Purl: pkg:rpm/tuxcare/nodejs-devel?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"

nodejs-docs

Package

Name: nodejs-docs
Purl: pkg:rpm/tuxcare/nodejs-docs?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"

nodejs-full-i18n

Package

Name: nodejs-full-i18n
Purl: pkg:rpm/tuxcare/nodejs-full-i18n?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"

nodejs-libs

Package

Name: nodejs-libs
Purl: pkg:rpm/tuxcare/nodejs-libs?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"

npm

Package

Name: npm
Purl: pkg:rpm/tuxcare/npm?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.19.4_1.16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"

v8-devel

Package

Name: v8-devel
Purl: pkg:rpm/tuxcare/v8-devel?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.4.146.26_1.16.20.2-8.el9_2.tuxcare.els13

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1777394614.json"