8 matches found
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the gRPC package ( CVE-2020-7768)
Summary gRPC is used by DataStage on Cloud Pak for Data as part of service communication. Vulnerability Details CVEID:CVE-2020-7768 DESCRIPTION: The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CWE:CWE-1321:...
Prototype Pollution
Overview "The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." Recommendation Upgrade to version 1.1.8 or later References - CVE - GitHub Advisory...
0.extends.wechat (>=1.0.51 <=1.0.65), 0perator (>=0.1.0 <=0.3.0) +17017 more potentially affected by CVE-2020-7768 via @grpc/grpc-js (>=0.1.0 <=1.1.7)
@grpc/grpc-js NPM version =0.1.0, =1.0.51, =0.1.0, =0.1.0, =5.0.0, =1.0.0, =1.0.1, =1.0.0, =1.1.0, =0.4.0, =0.1.1, =1.0.0, =0.0.1, =1.0.0, =1.0.17 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...
3architecture (>=1.0.0 <=1.7.0), 4coders-commons (>=0.0.1 <=0.0.2) +3773 more potentially affected by CVE-2020-7768 via grpc (>=0.11.1 <=1.24.3)
grpc NPM version =0.11.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =1.6.0, =0.0.2, =4.1.6-22, =0.0.1, =0.0.2 - @account-coddle/pokerfire =0.0.1 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...
Photon OS 3.0: Grpc PHSA-2020-3.0-0176
An update of the grpc package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0176. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid144218;...
Security Bulletin: App Connect Enterprise Certified Container is vulnerable to code injection and Denial of Service attacks
Summary App Connect Enterprise Certified Container Integration Servers and Designers are vulnerable to code injection and Denial of Service attacks due to CVE-2020-7766 and CVE-2020-7768 Vulnerability Details CVEID: CVE-2020-7768 DESCRIPTION: Node.js grpc module is vulnerable to a denial of...
CVE-2020-7768
CVE-2020-7768 affects gRPC in Node.js: the package grpc prior to 1.24.4 and @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. Impact details in sources describe a pollution path that could alter object prototypes, enabling unauthorized modification of o...
3architecture (>=1.0.0 <=1.7.0), 4coders-commons (>=0.0.1 <=0.0.2) +3711 more potentially affected by CVE-2020-7768 via grpc (>=1.0.0 <=1.24.3)
grpc NPM version =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =1.6.0, =0.0.2, =4.1.6-22, =0.0.1, =0.0.2 - @account-coddle/pokerfire =0.0.1 and more Source cves: CVE-2020-7768 Source advisory: SNYK:JS-GRPC-598671...