VYPR

rpm package

almalinux/nodejs24-devel

pkg:rpm/almalinux/nodejs24-devel

Vulnerabilities (23)

  • CVE-2025-55130 (Jan 20, 2026)
    affected < 1:24.13.0-1.el10_1; fixed 1:24.13.0-1.el10_1

    A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and

  • CVE-2026-21637 (Jan 20, 2026)
    affected < 1:24.13.0-1.el10_1; fixed 1:24.13.0-1.el10_1

    A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), ca

  • CVE-2025-59465 (Jan 20, 2026)
    affected < 1:24.13.0-1.el10_1; fixed 1:24.13.0-1.el10_1

    A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects
