11 matches found
Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-28502 DESCRIPTION: Node.js xmlhttprequest and xmlhttprequest-ssl modules could allow a remote attacker to execute arbitrary code on the system, caused ...
Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability
Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-28502 Vulnerability Details CVEID: CVE-2020-28502 DESCRIPTION: Node.js xmlhttprequest and xmlhttprequest-ssl modules could allow a remote attacker to execute arbitrary code on the system, caused by an issue when...
Arbitrary Code Injection
Overview In xmlhttprequest-ssl before 1.6.2 when requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run. Recommendation Upgrade to version 1.6.2 or later References CVE GitHub Advisory...
317-project (=0.0.0), 4pm-cli (>=0.0.1 <=0.0.5) +1889 more potentially affected by CVE-2020-28502 via xmlhttprequest (>=1.2.2 <=1.6.0)
xmlhttprequest NPM version =1.2.2, =0.0.1, =0.1.16, =0.1.0, =1.1.1, =0.0.4, =0.0.53, =0.0.42, =1.0.399-main, =0.1.0, =0.1.1 and more Source cves: CVE-2020-28502 Source advisory: OSV:GHSA-H4J5-C7CJ-74XG...
CVE-2020-28502
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...
CVE-2020-28502
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...
CVE-2020-28502
The CVE-2020-28502 issue affects the Node.js packages xmlhttprequest (pre-1.7.0) and xmlhttprequest-ssl (any version). Root cause: inputs sent via xhr.send when requests are synchronous (async=false) can be manipulated to inject and execute arbitrary code, due to how data flows into xhr.send. Pub...
CVE-2020-28502 Arbitrary Code Injection
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...
CVE-2020-28502
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...
1tp (>=0.0.1 <=0.11.2), 2d-json-schema-editor-visual (>=1.0.2 <=1.0.7) +2788 more potentially affected by CVE-2020-28502 via xmlhttprequest-ssl (>=1.5.1 <=1.5.5)
xmlhttprequest-ssl NPM version =1.5.1, =0.0.1, =1.0.2, =1.0.1, =4.11.25, =0.1.3, =0.0.15, =8.25.29, =1.0.0, =0.0.4, =1.0.9, =1.0.15 and more Source cves: CVE-2020-28502 Source advisory: SNYK:JS-XMLHTTPREQUESTSSL-1082936...
317-project (=0.0.0), 4pm-cli (>=0.0.1 <=0.0.5) +1889 more potentially affected by CVE-2020-28502 via xmlhttprequest (>=1.2.2 <=1.6.0)
xmlhttprequest NPM version =1.2.2, =0.0.1, =0.1.16, =0.1.0, =1.1.1, =0.0.4, =0.0.53, =0.0.42, =1.0.399-main, =0.1.0, =0.1.1 and more Source cves: CVE-2020-28502 Source advisory: SNYK:JS-XMLHTTPREQUEST-1082935...