Lucene search

K
ibmIBM0AD1ABD3A4EE94669ABFEF468671D6A66B8F413908447E8D0315800041BEDF41
HistoryMar 30, 2021 - 7:24 p.m.

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

2021-03-3019:24:48
www.ibm.com
13
ibm cloud transformation advisor
node.js vulnerability
cve-2020-15168
version 2.4.2
upgrade

EPSS

0.001

Percentile

42.5%

Summary

IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-15168

Vulnerability Details

CVEID:CVE-2020-15168
**DESCRIPTION:**Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By using a specially-crafted file, a remote attacker could exploit this vulnerability to consume excessive resource on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Transformation Advisor 2.4.0, 2.4.1

Remediation/Fixes

Upgrade to 2.4.2 or later.

IBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this link.

Workarounds and Mitigations

None

EPSS

0.001

Percentile

42.5%

Related for 0AD1ABD3A4EE94669ABFEF468671D6A66B8F413908447E8D0315800041BEDF41