RHSA-2026:39246
Vulnerability from csaf_redhat - Published: 2026-07-14 12:38 - Updated: 2026-07-15 09:31A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs22 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime \\ for easily building fast, scalable network applications. \\ Node.js uses an event-driven, non-blocking I/O model that \\ makes it lightweight and efficient, perfect for data-intensive \\ real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:39246",
"url": "https://access.redhat.com/errata/RHSA-2026:39246"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_39246.json"
}
],
"title": "Red Hat Security Advisory: nodejs22 security update",
"tracking": {
"current_release_date": "2026-07-15T09:31:25+00:00",
"generator": {
"date": "2026-07-15T09:31:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:39246",
"initial_release_date": "2026-07-14T12:38:01+00:00",
"revision_history": [
{
"date": "2026-07-14T12:38:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-14T12:38:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T09:31:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs-devel-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs-libs-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_0?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.23.1-2.el10_0.noarch",
"product": {
"name": "nodejs-docs-1:22.23.1-2.el10_0.noarch",
"product_id": "nodejs-docs-1:22.23.1-2.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.23.1-2.el10_0?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-1:22.23.1-2.el10_0.src",
"product": {
"name": "nodejs22-1:22.23.1-2.el10_0.src",
"product_id": "nodejs22-1:22.23.1-2.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.23.1-2.el10_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.23.1-2.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch"
},
"product_reference": "nodejs-docs-1:22.23.1-2.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-1:22.23.1-2.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src"
},
"product_reference": "nodejs22-1:22.23.1-2.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T12:38:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39246"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T12:38:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39246"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T12:38:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39246"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T12:38:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39246"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-14T12:38:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:39246"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-devel-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-docs-1:22.23.1-2.el10_0.noarch",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-full-i18n-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-libs-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-1:22.23.1-2.el10_0.src",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debuginfo-1:22.23.1-2.el10_0.x86_64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.aarch64",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.s390x",
"AppStream-10.0.Z.E2S:nodejs22-debugsource-1:22.23.1-2.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.