IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-28502
CVEID:CVE-2020-28502
**DESCRIPTION:**Node.js xmlhttprequest and xmlhttprequest-ssl modules could allow a remote attacker to execute arbitrary code on the system, caused by an issue when requests are sent synchronously. By sending specially-crafted input flowing into xhr.send, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197806 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Transformation Advisor | 2.4.2, 2.4.3 |
Upgrade to 2.4.4 or later.
IBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this link.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud transformation advisor | eq | 2.0 |