[CLSA-2026:1778166146] alt-nodejs18-nodejs: Fix of CVE-2026-21710
Type:
security
Severity:
Important
Release date:
2026-05-07 15:02:31 UTC
Description:
- CVE-2026-21710: use null prototype for headersDistinct/trailersDistinct to prevent uncaught TypeError when a __proto__ header is received and the application accesses req.headersDistinct or req.trailersDistinct
Updated packages:
  • alt-nodejs18-nodejs-18.20.8-9.el10.x86_64.rpm
    sha:78804ee27dd6fb94844c7a4168ac5808dbf9a015cb6cff484be6f4a5749aec99
  • alt-nodejs18-nodejs-devel-18.20.8-9.el10.x86_64.rpm
    sha:cb89f5adc23299e239bde8d040823f5a25e74eacaf05fd5cc84768e965b82269
  • alt-nodejs18-nodejs-docs-18.20.8-9.el10.noarch.rpm
    sha:419039ac35c68fce98dacde57b778d4ea705124f6166844db14f30971015ecf0
  • alt-nodejs18-npm-10.8.2-18.20.8.9.el10.x86_64.rpm
    sha:8c63579949b6726ae16f5a5a0d8f5e2b31b3fde0852f753a68340ea693a19654
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.