35 matches found
Atlassian Confluence 7.19.0 < 8.5.20 / 8.6.x < 9.2.6 / 9.3.x < 9.3.1 / 9.4.0 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101489)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101489 advisory. - The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in ip
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in ip Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally...
SSRF (Server-Side Request Forgery) Third-Party Dependency in Confluence Data Center and Server - CVE-2023-42282
This is a critical vulnerability in a non-Atlassian Confluence dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This Critical...
SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-42282
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...
Linux Distros Unpatched Vulnerability : CVE-2023-42282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...
Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)
The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to SSRF due to ip for Node.js (CVE-2023-42282)
Summary Package ip for Node.js is used by IBM Cloud Pak for Data. CVE-2023-42282 Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw in the ip.isPublic...
CVE-2023-42282 affecting package reaper for versions less than 3.1.1-10
CVE-2023-42282 affecting package reaper for versions less than 3.1.1-10. A patched version of the package is available...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Node.js IP package (CVE-2023-42282)
Summary Potential code execution vulnerability in Node.js IP package CVE-2023-42282 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-42282...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)
The version of nodejs / nodejs18 / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...
CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1
CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
Important: Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Network Observability 1.6 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2024-29415
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...
CVE-2024-29415
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to arbitrary code execution due to Node.js IP package.
Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Storage Fusion is vulnerable to arbitrary code execution due to Node.js IP package.
Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...
Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)
Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js package IP [CVE-2023-42282]
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js package IP. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary...