Release date:
2026-05-07 15:39:05 UTC
Description:
* SECURITY UPDATE: HTTP server crash on __proto__ header
- debian/patches/CVE-2026-21710.patch: initialise headersDistinct and
trailersDistinct destination maps with { __proto__: null } so a
__proto__ request header no longer resolves to Object.prototype and
cause an uncaught TypeError when req.headersDistinct or
req.trailersDistinct is accessed
- CVE-2026-21710
Updated packages:
-
alt-nodejs18-docs_18.20.8-9_amd64.deb
sha:4ac8190181a0d9e78da93456e5c367bed6f59da3
-
alt-nodejs18-nodejs_18.20.8-9_amd64.deb
sha:c14bdc1b32072dc64dd39c6bb97f1433fb8b797a
-
alt-nodejs18-nodejs-devel_18.20.8-9_amd64.deb
sha:50feaa446099cb458cba1e3d5ac4ed62c31e4537
-
alt-nodejs18-npm_10.8.2-18.20.8.6_amd64.deb
sha:15102bac78ceb99fcae31b5b5df5f0bb283e13a1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
