50 matches found
Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.
Summary The IBM Maximo Application Suite AI-Service component uses"base-x-4.0.0.tgz, body-parser-1.20.2.tgz, cross-spawn-7.0.3.tgz, glob-10.4.2.tgz, path-to-regexp-0.1.7.tgz, qs-6.13.0.tgz, qs-6.14.0.tgz, qs-6.5.3.tgz, urllib3-2.6.2-py3-none-any.whl" which are vulnerable to "CVE-2025-27611,...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-21538
This High severity vulnerability known as CVE-2024-21538 was introduced in 6.0.5, 7.0.3, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 9.4.0, 8.19.12, 8.19.13, 9.4.1, 9.4.2, 8.19.14, 9.4.3, 8.19.15 of Bitbucket Data Center and Server. This...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...
Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability
Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)
Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to cross-spawn ( CVE-2024-21538 )
Summary Potential vulnerabilities in cross-spawn module CVE-2024-21538 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular...
Security Bulletin: Vulnerability in cross-spawn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in cross-spawn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]
Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...
Important: Red Hat Security Advisory: RHODF-4.18-RHEL-9 enhancement, bug fix and security update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.18.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Linux Distros Unpatched Vulnerability : CVE-2024-21538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...
Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).
Summary Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service ReDoS due to the usage of cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...
Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)
The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-21538
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attack...
Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538
Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn(CVE-2024-21538)
Summary IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service ReDoS due to cross-spawn. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper...
Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2024-52798, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917, CVE-2024-47764. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...
Medium: nodejs
Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...
Medium: nodejs20
Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...