Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

0.edsql (>=1.0.49 <=1.0.50), @codious/core (>=1.2.15 <=1.2.18) +99 more potentially affected by CVE-2022-21676 via engine.io (>=5.0.0 <=5.1.1)

engine.io NPM version =5.0.0, =1.0.49, =1.2.15, =0.5.3, =0.6.3, =0.6.3, =0.6.3, =0.6.3, =0.6.5, =0.6.4, =0.6.3, =0.6.3, =8.0.0, =2.0.0, =0.5.1-feat-1122.01a4d64d.130, =0.5.1-feat-1122.01a4d64d.130, =1.0.0-rc.3 and more Source cves: CVE-2022-21676 Source advisory: OSV:GHSA-273R-MGR4-V34F...

@3kles/3kles-socketio (>=1.0.0 <=1.0.5), @livejack/broker (=1.3.4) +22 more potentially affected by CVE-2022-21676 via engine.io (=6.0.1)

engine.io NPM version =6.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on engine.io and may be impacted: - @3kles/3kles-socketio =1.0.0, =0.1.0, =8.1.2, =1.4.0, =0.4.11, =0.4.0, =0.4.0, =0.4.10, =0.4.11, =0.4.5, =5.0.0, =1.0.0-alpha.1, =1.0.0-alpha....

@ahora/socket.io (=3.0.3), @azteam/express (>=1.2.33 <=1.2.142) +22 more potentially affected by CVE-2022-21676 via engine.io (>=4.0.6 <=4.1.1)

engine.io NPM version =4.0.6, =1.2.33, =1.12.0, =3.0.0, =2.0.0-beta.6, =2.3.0-beta.20, =1.1.3, =2.2.26-3, =2.0.0, =0.9.301, =1.0.0, =0.4.0, =0.4.3 and more Source cves: CVE-2022-21676 Source advisory: OSV:GHSA-273R-MGR4-V34F...

CVE-2022-21676

creationtimestamp| type| source ---|---|--- 2022-01-12 22:17:18+00:00| seen| https://t.me/cibsecurity/35354...

CVE-2022-21676

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

CVE-2022-21676 Uncaught Exception in engine.io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

CVE-2022-21676 Uncaught Exception in engine.io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

CVE-2022-21676

CVE-2022-21676 affects Engine.IO (used by Socket.IO) andCan trigger an uncaught exception on the Engine.IO server via a specially crafted HTTP request, crashing the Node.js process. Impact starts with engine.io version 4.0.0; versions prior to 4.0.0 are not affected. Patches are released per majo...

CVE-2022-21676 Uncaught Exception in engine.io

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...