13 matches found
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary: IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Ramda [CVE-2021-42581]
Summary: Ramda is used by IBM Storage Ceph as part of the dashboard and in assorted other locations. CVE-2021-42581. This bulletin identifies the steps to take to address the vulnerability in Ramda. Vulnerability Details: CVEID: CVE-2021-42581. DESCRIPTION: Ramda could allow a remote attacker to execu...
Prototype Pollution
Ramda is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the curry2 function in mapObjIndexed.js and modify attributes such as __proto__, constructor, and prototype. This vulnerability has been disputed and is pending further information...
CVE-2021-42581
A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...
CVE-2021-42581
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "__proto__" as an argument to the function. NOTE: the vendor disputes this because the observe...
CVE-2021-42581
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "__proto__" as an argument to the function. NOTE: the vendor disputes this because the observe...
Code injection
DISPUTED: Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "__proto__" as an argument to the function. NOTE: the vendor disputes this because th...
CVE-2021-42581
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "__proto__" as an argument to the function. NOTE: the vendor disputes this because the observe...
CVE-2021-42581
Removed by vendor...
CVE-2021-42581
CVE-2021-42581 affects Ramda up to v0.27.0 in mapObjIndexed, enabling prototype pollution that can lead to remote code execution/integrity or availability impact (CVSS 9.8). IBM advisories reference Ramda prototype pollution and remediation via upgrading affected products, but no specific patch v...
PT-2022-11625 · Ramda · Ramda
Name of the Vulnerable Software and Affected Versions: Ramda versions 0.27.0 and earlier. Description: The issue allows attackers to compromise the integrity or availability of an application by supplying a crafted object that contains an own property __proto__ as an argument to the mapObjIndexed...
Ramda Security Vulnerability
Ramda is a utility library for JavaScript programmers. A security vulnerability exists in Ramda version 0.27.0 and prior versions. An attacker could exploit this vulnerability to compromise the integrity or usability of an application by supplying specially crafted objects as arguments to functio...
Inefficient Regular Expression Complexity in ramda/ramda
Description: A ReDoS (regular expression denial of service) flaw was found in the ramda package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref: https://nvd.nist.gov/vuln/detail/CVE-2020-7753...