Release date:
2026-06-12 09:14:11 UTC
Description:
- CVE-2023-30581: policy: handle mainModule.__proto__ bypass by installing
the policy-aware require() on the module prototype and assigning
process.mainModule via setOwnProperty(), closing the
process.mainModule.__proto__.require() experimental-policy bypass
- CVE-2023-44487: nghttp2 (HTTP/2 Rapid Reset): backport the upstream
nghttp2 1.57.0 RST_STREAM token-bucket rate limiter to the bundled
nghttp2 1.42.0 (default burst=1000, rate=33/s); excessive incoming
RST_STREAM frames now trigger a GOAWAY instead of unbounded work
Updated packages:
-
alt-nodejs14-nodejs-14.21.3-23.el9.x86_64.rpm
sha:535f5ac0812f7a38f80438de5ab9f0483e8940a658cab199678ad3ae590923ec
-
alt-nodejs14-nodejs-devel-14.21.3-23.el9.x86_64.rpm
sha:3ecf6aca217e48590098af6d108b5559568757e47434f24265d731f1d0080651
-
alt-nodejs14-nodejs-docs-14.21.3-23.el9.noarch.rpm
sha:b4f6653942b4291bd28a3a5b37b661956ff820f3f98b96495d0fb9df983d4f78
-
alt-nodejs14-npm-6.14.18-14.21.3.23.el9.x86_64.rpm
sha:781d57c1b57a470191e890823e5a0e6f2c91ec25fb296f15cac4d9fd0701aa8e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
