Release date:
2026-06-16 12:17:25 UTC
Description:
- CVE-2023-30581: handle mainModule.__proto__ bypass of the experimental
policy mechanism; set the policy-wrapped require on Module.prototype and
use setOwnProperty for process.mainModule (backport of nodejs/node d0a8264ec9)
- CVE-2023-44487: HTTP/2 Rapid Reset; backport the nghttp2 RST_STREAM
rate-limit mitigation (token-bucket limiter, default burst 1000 / rate 33,
GOAWAY on exhaustion) into bundled deps/nghttp2 (backport of nghttp2 72b4af6)
Updated packages:
-
alt-nodejs12-nodejs-12.22.12-21.el8.x86_64.rpm
sha:851104ab67f55ea51840a85c63d9e776759eadc988d93a9bee5f08c4949174e0
-
alt-nodejs12-nodejs-devel-12.22.12-21.el8.x86_64.rpm
sha:6f3acfe7cc4a7a715d47f16def3f9b123f6bded44869f225617cd3f75d08fbe4
-
alt-nodejs12-nodejs-docs-12.22.12-21.el8.noarch.rpm
sha:0890e5c436de1edcbcbe7643431ce25dd3e57bfe0de739cc6bbb873ff843918e
-
alt-nodejs12-npm-6.14.16-12.22.12.21.el8.x86_64.rpm
sha:7eb897d7a3f5dcf1980aa1df9c0f746b41388440cc39890b042cbda39633d84a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
