Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

Summary

Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow to a remote attackers by conduct of methodes like phishing attacks,brute force attack or execution of arbitrary code to get sensitive information, denial service condition, and other problems.

Vulnerability Details

CVEID:CVE-2020-7789
**DESCRIPTION:**node-notifier could allow a remote attacker to execute arbitrary commands on the system, caused by improper sanitization of options params. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193001 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2018-21270
**DESCRIPTION:**Node.js stringstream module is vulnerable to a denial of service, caused by a out-of-bounds read flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/144304 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2019-20149
**DESCRIPTION:**kind-of could allow a remote attacker to bypass security restrictions, caused by improper validation of user supplied input in ctorName in index.js. By sending a specially-crafted payload, an attacker could exploit this vulnerability to overwrite the builtin attribute to manipulate the type detection result.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173669 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2019-10747
**DESCRIPTION:**Node.js set-value module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167421 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-7754
**DESCRIPTION:**Node.js npm-user-validate module is vulnerable to a denial of service, caused by a flaw when processing long input strings begin with @ characters for user emails. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189917 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-1000620
**DESCRIPTION:**Cryptiles is vulnerable to a brute force attack, caused by insufficient entropy in randomDigits() method. A remote attacker could exploit this vulnerability using brute force techniques to obtain sensitive information.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148075 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2017-18869
**DESCRIPTION:**chownr package for Node.js could allow a local attacker to launch a symlink attack, caused by a TOCTOU issue. A local attacker could exploit this vulnerability using symlink attacks to trick the library into descending into unintended directories.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184298 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-33587
**DESCRIPTION:**An unspecified error related to the failure to ensure that attribute parsing has Linear Time Complexity in Node.js css-what module has an unknown impact and attack vector.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202757 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2018-16492
**DESCRIPTION:**Node.js extend module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/156534 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2021-23364
**DESCRIPTION:**Browserslist is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) during parsing of queries. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200951 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-0512
**DESCRIPTION:**unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by improperly handeling username and password. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass hostname validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-0686
**DESCRIPTION:**unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by an issue with unable to find the correct hostname when no port number is provided in the url. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform SSRF, open redirect or other attacks depends on the hostname field of parsed url.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220105 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-0691
**DESCRIPTION:**unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by improper validation of \b (backspace) character. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass hostname validation and leads to false positive in the extractProtocol() function.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220107 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-0639
**DESCRIPTION:**unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by incorrect conversion of @ in protocol in the href. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass hostname validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219864 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2019-6283
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in Sass::Prelexer::parenthese_scope in prelexer.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155594 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-20821
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161651 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-11698
**DESCRIPTION:**LibSaas could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read of a memory region in the function Sass::handle_error. By using a specially-crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/144297 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)

CVEID:CVE-2020-24025
**DESCRIPTION:**node-sass could allow a remote attacker to bypass security restrictions, caused by the disablement of certificate validation when requesting binaries even if the user is not specifying an alternative download path. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2018-19838
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a stack-based buffer overflow in the IMPLEMENT_AST_OPERATORS expansion in ast.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/153722 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-11694
**DESCRIPTION:**LibSaas is vulnerable to a denial of service, caused by a NULL pointer dereference in the function Sass::Functions::selector_append. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/144317 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-19827
**DESCRIPTION:**Libsass is vulnerable to a denial of service, caused by a use after free in the SharedPtr class in SharedPtr.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/153718 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-20190
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a NULL pointer dereference in the function Sass::Eval::operator() in eval.cpp. By using a specially crafted sass input file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154428 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-6286
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in Sass::Prelexer::skip_over_scopes in prelexer.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155592 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-6284
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in Sass::Prelexer::alternatives in prelexer.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155593 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-19839
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a heap-based buffer over-read in the handle_error function in sass_context.cpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/153723 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2018-19797
**DESCRIPTION:**LibSass is vulnerable to a denial of service, caused by a NULL pointer dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/153652 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-35065
**DESCRIPTION:**Node.js glob-parent module is vulnerable to a denial of service, caused by an error in the enclosure regex. By sending a specially crafted string prepended with the letter “A”, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208298 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-28469
**DESCRIPTION:**Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-16777
**DESCRIPTION:**npm CLI could allow a local attacker to bypass security restrictions, caused by the failure to prevent existing globally-installed binaries to be overwritten by other package installations. An attacker could exploit this vulnerability to bypass filesystem access restrictions to overwrite an existing binary with a globally-installed package.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173159 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2020-15095
**DESCRIPTION:**Node.js npm CLI module could allow a local attacker to obtain sensitive information, caused by the storing of user credentials in the log file. By persuading a victim to open a log file, an attacker could exploit this vulnerability to obtain user credentials.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184666 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-16775
**DESCRIPTION:**npm CLI could allow a local attacker to bypass security restrictions, caused by an arbitrary file overwrite vulnerability. An attacker could exploit this vulnerability to bypass filesystem access restrictions to create symlinks to files outside of the node_modules folder through the bin field upon installation.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173163 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2019-16776
**DESCRIPTION:**npm CLI could allow a local attacker to bypass security restrictions, caused by the failure to prevent access to folders outside of the intended node_modules folder through the bin field. An attacker could exploit this vulnerability to gain access to folders outside of the intended node_modules folder through the bin field.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173161 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2018-16489
**DESCRIPTION:**Node.js just-extend module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/156531 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2019-10746
**DESCRIPTION:**Node.js mixin-deep module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167420 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2019-10742
**DESCRIPTION:**Axios is vulnerable to a denial of service, caused by an issue with continuing to accept content after maxContentLength is exceeded. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160652 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-28168
**DESCRIPTION:**Node.js axios module is vulnerable to server-side request forgery, caused by improper input validation. By providing a URL that responds with a redirect to a restricted host or IP address, an attacker could exploit this vulnerability to conduct SSRF attack to bypass a proxy.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191660 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-23343
**DESCRIPTION:**path-parse is vulnerable to a denial of service. By sending a specially-crafted request via splitDeviceRe, splitTailRe, and splitPathRe regular expressions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS).
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201206 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-23566
**DESCRIPTION:**Nanoid could allow a local attacker to obtain sensitive information, caused by a flaw in the valueOf() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217348 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2018-3728
**DESCRIPTION:**Node.js hoek module is vulnerable to a denial of service, caused by a prototype pollution attack in the merge, applyToDefaults and applyToDefaultsWithShallow functions. By sending a specially crafted JSON string, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/139127 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

Installed versions of IBM Spectrum Discover (2.0.4, 2.0.4.1, 2.0.4.2, 2.0.4.3, 2.0.4.4,2.0.4.5) can be upgraded to fixed version using IBM Spectrum Discover 2.0.4.6 upgrader. and following the steps provided in our documentation (IBM Spectrum Discover Documentation).

Workarounds and Mitigations

None