Lucene search
+L

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 5:59 p.m.19 views

Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-28502 DESCRIPTION: Node.js xmlhttprequest and xmlhttprequest-ssl modules could allow a remote attacker to execute arbitrary code on the system, caused ...

8.1CVSS2.2AI score0.04646EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/22 4:8 p.m.16 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-28502 Vulnerability Details CVEID: CVE-2020-28502 DESCRIPTION: Node.js xmlhttprequest and xmlhttprequest-ssl modules could allow a remote attacker to execute arbitrary code on the system, caused by an issue when...

8.1CVSS1.4AI score0.04646EPSS
Exploits2Affected Software1
Node.js
Node.js
added 2021/05/04 6:18 p.m.99 views

Arbitrary Code Injection

Overview In xmlhttprequest-ssl before 1.6.2 when requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run. Recommendation Upgrade to version 1.6.2 or later References CVE GitHub Advisory...

6.8CVSS5.5AI score0.04646EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2021/05/04 6:2 p.m.4 views

317-project (=0.0.0), 4pm-cli (>=0.0.1 <=0.0.5) +1889 more potentially affected by CVE-2020-28502 via xmlhttprequest (>=1.2.2 <=1.6.0)

xmlhttprequest NPM version =1.2.2, =0.0.1, =0.1.16, =0.1.0, =1.1.1, =0.0.4, =0.0.53, =0.0.42, =1.0.399-main, =0.1.0, =0.1.1 and more Source cves: CVE-2020-28502 Source advisory: OSV:GHSA-H4J5-C7CJ-74XG...

8.1CVSS7.2AI score0.04646EPSS
Exploits2
NVD
NVD
added 2021/03/05 6:15 p.m.31 views

CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...

8.1CVSS0.04646EPSS
Exploits2References5
OSV
OSV
added 2021/03/05 6:15 p.m.21 views

CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...

8.1CVSS7.2AI score
Exploits0References5
CVE
CVE
added 2021/03/05 5:25 p.m.121 views

CVE-2020-28502

The CVE-2020-28502 issue affects the Node.js packages xmlhttprequest (pre-1.7.0) and xmlhttprequest-ssl (any version). Root cause: inputs sent via xhr.send when requests are synchronous (async=false) can be manipulated to inject and execute arbitrary code, due to how data flows into xhr.send. Pub...

8.1CVSS8.1AI score0.04646EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2021/03/05 5:25 p.m.37 views

CVE-2020-28502 Arbitrary Code Injection

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...

8.1CVSS8.2AI score0.04646EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2021/03/05 5:25 p.m.31 views

CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously async=False on xhr.open, malicious user input flowing into xhr.send could result in arbitrary code being injected and run...

8.1CVSS8.2AI score0.04646EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2021/03/05 5:5 p.m.2 views

1tp (>=0.0.1 <=0.11.2), 2d-json-schema-editor-visual (>=1.0.2 <=1.0.7) +2788 more potentially affected by CVE-2020-28502 via xmlhttprequest-ssl (>=1.5.1 <=1.5.5)

xmlhttprequest-ssl NPM version =1.5.1, =0.0.1, =1.0.2, =1.0.1, =4.11.25, =0.1.3, =0.0.15, =8.25.29, =1.0.0, =0.0.4, =1.0.9, =1.0.15 and more Source cves: CVE-2020-28502 Source advisory: SNYK:JS-XMLHTTPREQUESTSSL-1082936...

8.1CVSS7.2AI score0.04646EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2021/03/05 5:5 p.m.4 views

317-project (=0.0.0), 4pm-cli (>=0.0.1 <=0.0.5) +1889 more potentially affected by CVE-2020-28502 via xmlhttprequest (>=1.2.2 <=1.6.0)

xmlhttprequest NPM version =1.2.2, =0.0.1, =0.1.16, =0.1.0, =1.1.1, =0.0.4, =0.0.53, =0.0.42, =1.0.399-main, =0.1.0, =0.1.1 and more Source cves: CVE-2020-28502 Source advisory: SNYK:JS-XMLHTTPREQUEST-1082935...

8.1CVSS7.2AI score0.04646EPSS
Exploits2
Rows per page
Query Builder