{"id":"CLSA-2026-1777395480","summary":"nodejs: Fix of 3 CVEs","details":"- CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator\n  caused by unbounded whitespace expansion in version ranges\n- CVE-2026-21710: fix HTTP prototype pollution in http.get/request via\n  headersDistinct option by using null-prototype objects for header storage\n- CVE-2026-27135: fix bundled nghttp2 IGN_ALL flag bypass that allowed attackers\n  to ignore header validation and smuggle malformed HTTP/2 requests","modified":"2026-05-27T11:18:13.869809883Z","published":"2026-04-28T16:58:05Z","upstream":["CVE-2022-25883","CVE-2026-21710","CVE-2026-27135"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1777395480.html"}],"affected":[{"package":{"name":"nodejs","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/nodejs?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}},{"package":{"name":"nodejs-devel","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/nodejs-devel?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}},{"package":{"name":"nodejs-docs","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/nodejs-docs?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}},{"package":{"name":"nodejs-full-i18n","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/nodejs-full-i18n?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}},{"package":{"name":"nodejs-libs","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/nodejs-libs?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}},{"package":{"name":"npm","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/npm?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:8.19.4_1.16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}},{"package":{"name":"v8-devel","ecosystem":"TuxCare:AlmaLinux:9.6","purl":"pkg:rpm/tuxcare/v8-devel?distro=almalinux-9.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777395480.json"}}],"schema_version":"1.7.5"}