BZ#2447179 CVE-2026-1526 nodejs20: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression [fedora-all]
0
0
BZ#2453563 CVE-2026-21717 nodejs20: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions [fedora-all]
0
0
BZ#2453567 CVE-2026-21714 nodejs20: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames [fedora-all]
0
0
BZ#2453570 CVE-2026-21713 nodejs20: Node.js: Information disclosure via timing oracle in HMAC verification [fedora-all]
0
0
BZ#2453592 CVE-2026-21716 nodejs20: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. [fedora-all]
0
0
BZ#2453596 CVE-2026-21715 nodejs20: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions [fedora-all]
0
0
BZ#2453599 CVE-2026-21710 nodejs20: Node.js: Denial of Service due to crafted HTTP `__proto__` header [fedora-all]
This update has been submitted for testing by tjuhasz.
This update's test gating status has been changed to 'waiting'.
tjuhasz edited this update.
This update's test gating status has been changed to 'failed'.
tjuhasz edited this update.
This update has been pushed to testing.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.