10 matches found
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-29060 DESCRIPTION: Node.js Color-String module is vulnerable to a denial of service, caused by an error when the application is provided and checks a crafted invalid HWB string. By sendin...
Security Bulletin: Vulnerability in Node.js Color-String affects IBM Process Mining (CVE-2021-29060)
Summary There is a vulnerability in Node.js Color-String that could allow a local attacker to launch a dos attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29060 DESCRIPTION:...
Security Bulletin: Vulnerability in Node.js Color-String affects IBM Cloud Pak System (CVE-2021-29060)
Summary Vulnerability in Node.js Color-String affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerability. Vulnerability Details CVEID:CVE-2021-29060 DESCRIPTION: Node.js Color-String module is vulnerable to a denial of service, caused by an error when the application is provide...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
CVE-2021-29060
A Regular Expression Denial of Service ReDOS vulnerability was found in Color-String, which occurs when the application is provided and checks a crafted invalid HWB string. The highest threat from this vulnerability is to system availability...
02-infrastructure (=1.0.0), 02vue_toast_demo (>=1.0.0 <=1.0.4) +13867 more potentially affected by CVE-2021-29060 via color-string (>=0.1.3 <=1.5.3)
color-string NPM version =0.1.3, =1.0.0, =1.0.4, =3.1.4, =5.0.0, =3.1.6, =0.0.1, =1.0.2, =2.0.0, =2.0.4 and more Source cves: CVE-2021-29060 Source advisory: OSV:GHSA-257V-VJ4P-3W2H...
CVE-2021-29060
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string...
UBUNTU-CVE-2021-29060
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string...
CVE-2021-29060
CVE-2021-29060 is a ReDOS in the Node.js color-string module (Color-String) triggered by crafted HWB strings, with IBM security bulletins stating IBM Process Mining and IBM QRadar-related deployments are affected. The vulnerability affects Color-String 1.5.5 and earlier; remediation is to upgrade...
@apollosproject/apollos-cli (>=2.43.1 <=3.0.0-canary.57), @apollosproject/react-native-make (>=3.0.4 <=3.0.5) +22 more potentially affected by CVE-2021-29060 via color-string (>=1.2.0 <=1.5.3)
color-string NPM version =1.2.0, =2.43.1, =3.0.4, =3.0.2, =1.0.0, =2.1.2, =3.0.1, =2.4.0, =3.2.4, =0.0.0-alpha.1, =0.0.0, =0.0.0, =0.0.0, =0.0.3, =0.0.0, =0.0.7 and more Source cves: CVE-2021-29060 Source advisory: SNYK:JS-COLORSTRING-1082939...