Release date:
2026-05-07 16:21:07 UTC
Description:
* SECURITY UPDATE: HTTP server crash on __proto__ header
- debian/patches/CVE-2026-21710.patch: initialise headersDistinct and
trailersDistinct destination maps with { __proto__: null } so a
__proto__ request header no longer resolves to Object.prototype and
cause an uncaught TypeError when req.headersDistinct or
req.trailersDistinct is accessed
- CVE-2026-21710
Updated packages:
-
alt-nodejs16-docs_16.20.2-17_amd64.deb
sha:588bda6d52eeb37e471e96ba4727a16666e849b8
-
alt-nodejs16-nodejs_16.20.2-17_amd64.deb
sha:caf74cc008d9cc9b01d58a7cbd5cc5a5544c58df
-
alt-nodejs16-nodejs-devel_16.20.2-17_amd64.deb
sha:6cab1e0cf6dd41615093d7244a5f649be89f4763
-
alt-nodejs16-npm_8.19.4-16.20.2-17_amd64.deb
sha:0c989ec5690e2bc2d1c4de0ff0198c70ea4ea53f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
