5 matches found
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary: Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Two ReDoS vulnerabilities in modules included in the Node.js n...
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool
Summary: Two ReDoS vulnerabilities in modules included in the Node.js npm tool shipped by IBM Rational Application Developer for WebSphere Software. Vulnerability Details: CVEID: CVE-2016-2515. DESCRIPTION: Node.JS hawk is vulnerable to a denial of service, caused by an error in the regular expressi...
mdfa (>=0.9.0 <=0.9.1), meadow (>=1.0.1 <=1.0.16) +2 more potentially affected by CVE-2016-2537 via is-my-json-valid (>=1.4.2 <=2.12.3)
is-my-json-valid NPM version =1.4.2, =0.9.0, =1.0.1, =1.3.0, =2.3.2 - tartare-logs =0.5.0 Source cves: CVE-2016-2537 Source advisory: OSV:GHSA-F522-FFG8-J8R6...
CVE-2016-2537
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string...
CVE-2016-2537
CVE-2016-2537 affects the is-my-json-valid package for Node.js, where an incorrect exports["utc-millisec"] regular expression can be exploited to cause a denial-of-service by blocking the event loop. The core detail across documents is that the vulnerability arises in the is-my-json-valid module ...