ALSA-2026:7123

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:7123
Related
Published
2026-04-08T00:00:00Z
Modified
2026-04-17T13:29:32.372893600Z
Summary
Important: nodejs:22 security update
Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)
  • minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)
  • minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)
  • undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)
  • undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)
  • undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)
  • undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)
  • nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)
  • Node.js: Node.js: Denial of Service due to crafted HTTP __proto__ header (CVE-2026-21710)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8
nodejs

Package

Name
nodejs
Purl
pkg:rpm/almalinux/nodejs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:22.22.2-1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-devel

Package

Name
nodejs-devel
Purl
pkg:rpm/almalinux/nodejs-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:22.22.2-1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-docs

Package

Name
nodejs-docs
Purl
pkg:rpm/almalinux/nodejs-docs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:22.22.2-1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-full-i18n

Package

Name
nodejs-full-i18n
Purl
pkg:rpm/almalinux/nodejs-full-i18n

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:22.22.2-1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-libs

Package

Name
nodejs-libs
Purl
pkg:rpm/almalinux/nodejs-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:22.22.2-1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-nodemon

Package

Name
nodejs-nodemon
Purl
pkg:rpm/almalinux/nodejs-nodemon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1-1.module_el8.10.0+4006+3c416519

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-packaging

Package

Name
nodejs-packaging
Purl
pkg:rpm/almalinux/nodejs-packaging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.06-6.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
nodejs-packaging-bundler

Package

Name
nodejs-packaging-bundler
Purl
pkg:rpm/almalinux/nodejs-packaging-bundler

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.06-6.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
npm

Package

Name
npm
Purl
pkg:rpm/almalinux/npm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:10.9.7-1.22.22.2.1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"
v8-12.4-devel

Package

Name
v8-12.4-devel
Purl
pkg:rpm/almalinux/v8-12.4-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3:12.4.254.21-1.22.22.2.1.module_el8.10.0+4158+e796f37f

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:7123.json"