Release date:
2026-06-16 12:27:15 UTC
Description:
- CVE-2023-30581: handle mainModule.__proto__ bypass of the experimental
policy mechanism; set the policy-wrapped require on Module.prototype and
use setOwnProperty for process.mainModule (backport of nodejs/node d0a8264ec9)
- CVE-2023-44487: HTTP/2 Rapid Reset; backport the nghttp2 RST_STREAM
rate-limit mitigation (token-bucket limiter, default burst 1000 / rate 33,
GOAWAY on exhaustion) into bundled deps/nghttp2 (backport of nghttp2 72b4af6)
Updated packages:
-
alt-nodejs12-nodejs-12.22.12-21.el7.x86_64.rpm
sha:0f9d77e7aa98b503a101eaf42a60e94710127feeee97d342bc1b0f4f19e54a0a
-
alt-nodejs12-nodejs-devel-12.22.12-21.el7.x86_64.rpm
sha:beca1dcf71289787cd0d748782ca7cac8bc203373b06773bfccfd024beb33aa9
-
alt-nodejs12-nodejs-docs-12.22.12-21.el7.noarch.rpm
sha:6797d4573e9b6d81221c4f871b88a6b32a854ab6bbbc2c3ccd7f4c96733a845d
-
alt-nodejs12-npm-6.14.16-12.22.12.21.el7.x86_64.rpm
sha:7f255ddca37667666d661cd4256ce21cf4602f070d70930c8a7dd2efbd15574d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
