134 matches found
rails-html-sanitizer has XSS vulnerability with certain configurations
Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...
Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27980)
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-27982...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service
Summary Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. CVE-2023-6129,CVE-2024-24806, CVE-2023-5678,CVE-2024-22019,CVE-2023-46809, CVE-2024-0727, CVE-2023-6237,CVE-2024-21892 Vulnerability Details...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2023-33850 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 1.8.0401. Vulnerability Details CVEID:CVE-2023-22067 DESCRIPTION:...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update August 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to August 2023. IBM 8 SR8 FP5 1.8.0371. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IB...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2023. IBM 8 SR7 FP20 1.8.0351. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION:...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to cross site scripting. The vulnerability exists in the loofahusinghtml5? and removesafelisttagcombinations functions in sanitizer.rb because it enables an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update July 2022
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to July 2022. IBM 8 SR7 FP15 1.8.0341. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 8.0.7.5. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION:...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 8.0.7.5. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION:...
CVE-2022-32209
CVE-2022-32209 affects rails-html-sanitizer: if an application overrides allowed_tags to include both 'select' and 'style', a cross-site scripting (XSS) vulnerability may be exploitable. The issue is triggered when developers configure sanitizer via Rails config, sanitize helper, or SafeListSanit...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 8.0.7.5. Vulnerability Details CVEID: CVE-2021-41035 DESCRIPTION:...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i
Summary Vulnerabilities detected in Node.js versions before v14.16.2 that affect the Cordova platform packaged with Rational Developer for i Software. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021
Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read...
Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021
Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021
Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details CVEID: CVE-2021-37712 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software
Summary Vulnerabilities detected in Node.js versions before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 affects IBM Rational® Application Developer for WebSphere® Software. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: Multiple vulnerabilities in Node.js affecting Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i Modernization Tools, Java edition, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that affect the Cordova platform...