Release date:
2026-06-12 09:18:50 UTC
Description:
- CVE-2023-30581: policy: handle mainModule.__proto__ bypass by installing
the policy-aware require() on the module prototype and assigning
process.mainModule via setOwnProperty(), closing the
process.mainModule.__proto__.require() experimental-policy bypass
- CVE-2023-44487: nghttp2 (HTTP/2 Rapid Reset): backport the upstream
nghttp2 1.57.0 RST_STREAM token-bucket rate limiter to the bundled
nghttp2 1.42.0 (default burst=1000, rate=33/s); excessive incoming
RST_STREAM frames now trigger a GOAWAY instead of unbounded work
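
As an added illustration (not CloudLinux or nghttp2 code), this JavaScript models a token bucket with the defaults quoted above, burst=1000 and rate=33/s, to show which RST_STREAM patterns stay within budget and which end in a GOAWAY. The class and function names, the one-token-per-frame cost and the whole-second refill are assumptions of the model, and the traffic is constructed.

```javascript
// Simplified model of a token-bucket limit on incoming RST_STREAM frames.
// Only the defaults (burst=1000, rate=33/s) come from the advisory; the
// names, one-token-per-frame cost and whole-second refill are assumptions.
class RstStreamLimiter {
  constructor(burst = 1000, rate = 33) {
    this.burst = burst;      // bucket capacity
    this.rate = rate;        // tokens refilled per elapsed second
    this.tokens = burst;     // bucket starts full
    this.lastSec = 0;        // second of the last refill
    this.goawaySent = false;
  }

  // Account for one incoming RST_STREAM seen at time nowSec (seconds).
  // Returns 'ok' while within budget, 'goaway' once the bucket is empty.
  onRstStream(nowSec) {
    if (this.goawaySent) return 'goaway';
    const sec = Math.floor(nowSec);
    const elapsed = Math.max(0, sec - this.lastSec);
    if (elapsed > 0) {
      this.tokens = Math.min(this.burst, this.tokens + elapsed * this.rate);
      this.lastSec = sec;
    }
    if (this.tokens < 1) {
      this.goawaySent = true; // connection is wound down instead of doing more work
      return 'goaway';
    }
    this.tokens -= 1;
    return 'ok';
  }
}

// Constructed traffic: `perSecond` resets in each of `seconds` seconds.
// Reports how many frames were accepted and whether GOAWAY was triggered.
function simulate(perSecond, seconds, limiter = new RstStreamLimiter()) {
  let accepted = 0;
  for (let s = 0; s < seconds; s++) {
    for (let i = 0; i < perSecond; i++) {
      if (limiter.onRstStream(s) === 'goaway') {
        return { accepted, goaway: true, atSecond: s };
      }
      accepted++;
    }
  }
  return { accepted, goaway: false, atSecond: null };
}

console.log(simulate(30, 60));   // steady client below the refill rate
console.log(simulate(5000, 10)); // burst far above the bucket size
console.log(simulate(100, 60));  // sustained rate above 33/s drains the bucket
```

In this model a client that stays under the refill rate is never cut off, while a sustained rate above 33/s is tolerated only until the initial burst allowance is spent.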
Updated packages:
- alt-nodejs14-nodejs-14.21.3-23.el7.x86_64.rpm
  sha:f065c9a06312147bf07c2e51b9ffedac69e3b2d357772bc77423e91ee33182c1
- alt-nodejs14-nodejs-devel-14.21.3-23.el7.x86_64.rpm
  sha:c63cb7fd03f805b13b0f13e27ca29d7d930d0021ee20964d2a6f807f8d558bea
- alt-nodejs14-nodejs-docs-14.21.3-23.el7.noarch.rpm
  sha:270e5fb9be3f55d111d7fec40bc3d0b956a420b75b2fa9316d6ecd9cbbf25f5a
- alt-nodejs14-npm-6.14.18-14.21.3.23.el7.x86_64.rpm
  sha:a47f725fdf55e0ea4e4dbe9f39489404cb02bf6b560f712e9a3520754cdcb9f0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.