[Git][security-tracker-team/security-tracker][master] CVE-2026-21710/bullseye

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cede634 by Bastien Roucariès at 2026-05-23T22:55:05+02:00
CVE-2026-21710/bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35317,8 +35317,10 @@ CVE-2026-21711 (A flaw in Node.js Permission Model network enforcement leaves Un
 CVE-2026-21710 (A flaw in Node.js HTTP request handling causes an uncaught `TypeError` ...)
 	{DSA-6272-1 DSA-6183-1}
 	- nodejs 22.22.2+dfsg+~cs22.19.15-1
+	[bullseye] - nodejs <not-affected> (vulnerable code introduced in v18.3.0)
 	NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#denial-of-service-via-__proto__-header-name-in-reqheadersdistinct-uncaught-typeerror-crashes-nodejs-process-cve-2026-21710---high
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/00ad47a28eb2e3dc0ff5610d58c53341acf3cf8d (v20.20.2)
+	NOTE: Introduced by https://github.com/nodejs/node/commit/9539cfa35817ea3ad61eccd2ed0572cc5c449d03 (v18.3.0)
 CVE-2026-31788 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	{DSA-6243-1 DSA-6238-1 DLA-4561-1}
 	- linux 6.19.10-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cede6342631504ebd8dade188e81e9a4f63f2d7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cede6342631504ebd8dade188e81e9a4f63f2d7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260523/2fcb72f5/attachment-0001.htm>