{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Important" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title" : "Topic" }, { "category" : "general", "text" : "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:7896", "url" : "https://access.redhat.com/errata/RHSA-2026:7896" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/#important", "url" : "https://access.redhat.com/security/updates/classification/#important" }, { "category" : "external", "summary" : "2441268", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2441268" }, { "category" : "external", "summary" : "2442922", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2442922" }, { "category" : "external", "summary" : "2448754", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448754" }, { "category" : "external", "summary" : "2453151", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2453151" }, { "category" : "external", "summary" : "RHEL-164336", "url" : "https://issues.redhat.com/browse/RHEL-164336" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7896.json" } ], "title" : "Red Hat Security Advisory: nodejs:20 security update", "tracking" : { "current_release_date" : "2026-04-29T14:41:47+00:00", "generator" : { "date" : "2026-04-29T14:41:47+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "4.7.7" } }, "id" : "RHSA-2026:7896", "initial_release_date" : "2026-04-13T18:36:15+00:00", "revision_history" : [ { "date" : "2026-04-13T18:36:15+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-04-13T18:36:15+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-04-29T14:41:47+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux AppStream (v. 9)", "product" : { "name" : "Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category" : "product_family", "name" : "Red Hat Enterprise Linux" }, { "branches" : [ { "category" : "product_version", "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "product" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src (nodejs:20)", "product_id" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=src&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "product" : { "name" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src (nodejs:20)", "product_id" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=src&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "product" : { "name" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src (nodejs:20)", "product_id" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24193%2B41b7b572?arch=src&rpmmod=nodejs:20:9070020260409073121:rhel9" } } } ], "category" : "architecture", "name" : "src" }, { "branches" : [ { "category" : "product_version", "name" : "nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product" : { "name" : "nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch (nodejs:20)", "product_id" : "nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-docs@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=noarch&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product" : { "name" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch (nodejs:20)", "product_id" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=noarch&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product" : { "name" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch (nodejs:20)", "product_id" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.7.0%2B24193%2B41b7b572?arch=noarch&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product" : { "name" : "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch (nodejs:20)", "product_id" : "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.7.0%2B24193%2B41b7b572?arch=noarch&rpmmod=nodejs:20:9070020260409073121:rhel9" } } } ], "category" : "architecture", "name" : "noarch" }, { "branches" : [ { "category" : "product_version", "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20)", "product_id" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=aarch64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20)", "product_id" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debuginfo@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=aarch64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20)", "product_id" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debugsource@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=aarch64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20)", "product_id" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-devel@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=aarch64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20)", "product_id" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-full-i18n@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=aarch64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20)", "product_id" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/npm@10.8.2-1.20.20.2.1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=aarch64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } } ], "category" : "architecture", "name" : "aarch64" }, { "branches" : [ { "category" : "product_version", "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20)", "product_id" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=ppc64le&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20)", "product_id" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debuginfo@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=ppc64le&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20)", "product_id" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debugsource@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=ppc64le&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20)", "product_id" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-devel@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=ppc64le&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20)", "product_id" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-full-i18n@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=ppc64le&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20)", "product_id" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/npm@10.8.2-1.20.20.2.1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=ppc64le&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } } ], "category" : "architecture", "name" : "ppc64le" }, { "branches" : [ { "category" : "product_version", "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20)", "product_id" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=s390x&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20)", "product_id" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debuginfo@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=s390x&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20)", "product_id" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debugsource@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=s390x&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20)", "product_id" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-devel@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=s390x&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20)", "product_id" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-full-i18n@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=s390x&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20)", "product_id" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/npm@10.8.2-1.20.20.2.1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=s390x&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } } ], "category" : "architecture", "name" : "s390x" }, { "branches" : [ { "category" : "product_version", "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20)", "product_id" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=x86_64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20)", "product_id" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debuginfo@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=x86_64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20)", "product_id" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-debugsource@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=x86_64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20)", "product_id" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-devel@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=x86_64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20)", "product_id" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/nodejs-full-i18n@20.20.2-1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=x86_64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } }, { "category" : "product_version", "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20)", "product_id" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/npm@10.8.2-1.20.20.2.1.module%2Bel9.7.0%2B24193%2B41b7b572?arch=x86_64&epoch=1&rpmmod=nodejs:20:9070020260409073121:rhel9" } } } ], "category" : "architecture", "name" : "x86_64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20" }, "product_reference" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20" }, "product_reference" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20" }, "product_reference" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20" }, "product_reference" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" }, "product_reference" : "nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20" }, "product_reference" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20" }, "product_reference" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20" }, "product_reference" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" }, "product_reference" : "nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20" }, "product_reference" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20" }, "product_reference" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20" }, "product_reference" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" }, "product_reference" : "nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20" }, "product_reference" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20" }, "product_reference" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20" }, "product_reference" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" }, "product_reference" : "nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20" }, "product_reference" : "nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20" }, "product_reference" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20" }, "product_reference" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20" }, "product_reference" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" }, "product_reference" : "nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20" }, "product_reference" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20" }, "product_reference" : "nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20" }, "product_reference" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20" }, "product_reference" : "nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20" }, "product_reference" : "nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20" }, "product_reference" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20" }, "product_reference" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20" }, "product_reference" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" }, { "category" : "default_component_of", "full_product_name" : { "name" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id" : "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" }, "product_reference" : "npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "relates_to_product_reference" : "AppStream-9.7.0.Z.MAIN" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-21710", "cwe" : { "id" : "CWE-843", "name" : "Access of Resource Using Incompatible Type ('Type Confusion')" }, "discovery_date" : "2026-03-30T20:01:21.196629+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2453151" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an application crash. This can result in a Denial of Service (DoS), making the affected service unavailable to users.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header", "title" : "Vulnerability summary" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-21710" }, { "category" : "external", "summary" : "RHBZ#2453151", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2453151" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-21710", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-21710" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-21710", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-21710" }, { "category" : "external", "summary" : "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases", "url" : "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases" } ], "release_date" : "2026-03-30T19:07:28.558000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-13T18:36:15+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7896" }, { "category" : "workaround", "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header" }, { "cve" : "CVE-2026-26996", "cwe" : { "id" : "CWE-1333", "name" : "Inefficient Regular Expression Complexity" }, "discovery_date" : "2026-02-20T04:01:11.896063+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2441268" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Exploitation of this flaw requires that a user or service processes untrusted input.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-26996" }, { "category" : "external", "summary" : "RHBZ#2441268", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2441268" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-26996", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-26996" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-26996" }, { "category" : "external", "summary" : "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "url" : "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5" }, { "category" : "external", "summary" : "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "url" : "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26" } ], "release_date" : "2026-02-20T03:05:21.105000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-13T18:36:15+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7896" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "REQUIRED", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "minimatch: minimatch: Denial of Service via specially crafted glob patterns" }, { "cve" : "CVE-2026-27135", "cwe" : { "id" : "CWE-617", "name" : "Reachable Assertion" }, "discovery_date" : "2026-03-18T19:02:13.823002+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2448754" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service (DoS).", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", "title" : "Vulnerability summary" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-27135" }, { "category" : "external", "summary" : "RHBZ#2448754", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448754" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-27135", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-27135" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-27135" }, { "category" : "external", "summary" : "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", "url" : "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1" }, { "category" : "external", "summary" : "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", "url" : "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6" } ], "release_date" : "2026-03-18T17:59:02.045000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-13T18:36:15+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7896" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination" }, { "cve" : "CVE-2026-27904", "cwe" : { "id" : "CWE-1333", "name" : "Inefficient Regular Expression Complexity" }, "discovery_date" : "2026-02-26T02:01:23.004531+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2442922" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Exploitation of this flaw requires that a user or service processes untrusted input.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-27904" }, { "category" : "external", "summary" : "RHBZ#2442922", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2442922" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-27904", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-27904" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-27904" }, { "category" : "external", "summary" : "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "url" : "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74" } ], "release_date" : "2026-02-26T01:07:42.693000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-13T18:36:15+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7896" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "REQUIRED", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debuginfo-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-debugsource-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-devel-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-docs-1:20.20.2-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-full-i18n-1:20.20.2-1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-0:2021.06-6.module+el9.7.0+24193+41b7b572.src::nodejs:20", "AppStream-9.7.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-6.module+el9.7.0+24193+41b7b572.noarch::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.aarch64::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.ppc64le::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.s390x::nodejs:20", "AppStream-9.7.0.Z.MAIN:npm-1:10.8.2-1.20.20.2.1.module+el9.7.0+24193+41b7b572.x86_64::nodejs:20" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions" } ] }