6 matches found
Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus
Summary: Multiple vulnerabilities in Node.js and FasterXML jackson-databind may affect IBM Spectrum Protect Plus. Vulnerability Details: CVEID: CVE-2020-25649. DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly....
CVE-2020-26274
creationtimestamp | type | source
---|---|---
2020-12-16 22:41:49+00:00 | seen | https://t.me/cibsecurity/20950...
CVE-2020-26274 Command Injection Vulnerability in systeminformation
In systeminformation npm package before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix...
CVE-2020-26274
The CVE-2020-26274 vulnerability affects the systeminformation npm package, specifically versions before 4.31.1, where a command injection flaw exists in how shell strings are handled. The root cause is improper sanitization of a crafted shell string, enabling arbitrary command execution on the h...
@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +218 more potentially affected by CVE-2020-26274 via systeminformation (>=3.30.6 <=4.31.0)
systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-26274 Source advisory: OSV:GHSA-M57P-P67H-MQ74...
@azteam/monitor (>=1.0.1 <=1.0.9), @best/builder (=4.0.0-beta10) +26 more potentially affected by CVE-2020-26274 via systeminformation (>=4.0.10 <=4.31.0)
systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =5.2.0, =5.2.1 and more Source cves: CVE-2020-26274 Source advisory: SNYK:JS-SYSTEMINFORMATION-1050436...