[CLSA-2026:1781259940] alt-nodejs14-nodejs: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-12 10:27:35 UTC
Description:
- CVE-2023-30581: policy: handle mainModule.__proto__ bypass by installing the policy-aware require() on the module prototype and assigning process.mainModule via setOwnProperty(), closing the process.mainModule.__proto__.require() experimental-policy bypass
- CVE-2023-44487: nghttp2 (HTTP/2 Rapid Reset): backport the upstream nghttp2 1.57.0 RST_STREAM token-bucket rate limiter to the bundled nghttp2 1.42.0 (default burst=1000, rate=33/s); excessive incoming RST_STREAM frames now trigger a GOAWAY instead of unbounded work
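How a token bucket with the stated defaults (burst=1000, rate=33/s) behaves under steady and bursty RST_STREAM traffic, as an added example: this is a simplified model written for this page, not nghttp2's or the package's code. The type and function names, the whole-second refill granularity and the traffic patterns are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: simplified token bucket, not nghttp2's source.
   All names are hypothetical; whole-second refill is an assumption. */
typedef struct {
  uint64_t tokens, burst, rate, last; /* left, capacity, refill/s, last refill (s) */
} rst_bucket;

void rst_bucket_init(rst_bucket *b, uint64_t burst, uint64_t rate) {
  b->tokens = burst; b->burst = burst; b->rate = rate; b->last = 0;
}

/* Add `rate` tokens per elapsed second, never exceeding `burst`. */
static void rst_bucket_refill(rst_bucket *b, uint64_t now) {
  if (now <= b->last) return;
  uint64_t elapsed = now - b->last, room = b->burst - b->tokens;
  b->last = now;
  if (b->rate != 0 && elapsed > room / b->rate) b->tokens = b->burst;
  else b->tokens += elapsed * b->rate; /* cannot overflow: gain <= room */
}

/* 1 = frame accepted; 0 = bucket empty, connection should get GOAWAY. */
int rst_bucket_take(rst_bucket *b, uint64_t now) {
  rst_bucket_refill(b, now);
  if (b->tokens == 0) return 0;
  b->tokens--;
  return 1;
}

/* Constructed traffic: per_sec RST_STREAM frames every second for secs seconds.
   Returns frames accepted before the first rejection (all, if none rejected). */
uint64_t simulate(uint64_t per_sec, uint64_t secs) {
  rst_bucket b;
  rst_bucket_init(&b, 1000, 33); /* defaults quoted in the advisory */
  uint64_t accepted = 0;
  for (uint64_t t = 0; t < secs; t++)
    for (uint64_t i = 0; i < per_sec; i++) {
      if (!rst_bucket_take(&b, t)) return accepted;
      accepted++;
    }
  return accepted;
}

int main(void) {
  printf("33/s for 60s:  %llu accepted\n", (unsigned long long)simulate(33, 60));
  printf("100/s for 60s: %llu accepted\n", (unsigned long long)simulate(100, 60));
  printf("5000 in 1s:    %llu accepted\n", (unsigned long long)simulate(5000, 1));
  return 0;
}
```

In this model a peer resetting streams at or below the refill rate is never cut off, while a sustained 100 resets per second drains the bucket in the fifteenth second and a single large burst is stopped after 1000 frames.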
Updated packages:
  • alt-nodejs14-nodejs-14.21.3-23.el10.x86_64.rpm
    sha:14efb932789aeee837b876b9a169b29dc6febb9d638c50194191f5c35ccba7eb
  • alt-nodejs14-nodejs-devel-14.21.3-23.el10.x86_64.rpm
    sha:d167a11a23342bba8dbf2a476f290c4f3fdb26f60d1f0b66b3098d1b30d7497e
  • alt-nodejs14-nodejs-docs-14.21.3-23.el10.noarch.rpm
    sha:a06af42ec8e493c6d2e64779ec7b05682c20a0ab0a7582fe3de9c09cf7c4a5d4
  • alt-nodejs14-npm-6.14.18-14.21.3.23.el10.x86_64.rpm
    sha:ebcdeaa4d4f26fac17105dd516ab3d8b41d32557b2ad11167f268d59bb8abf7f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.