11 matches found
Security Bulletin: A vulnerability in module set-value affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in node.js open source package set-value affects IBM Db2 Big SQL 7.4.2 and earlier on Cloud Pak for Data 4.6.2 and earlier Vulnerability Details CVEID:CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in set-value Node.js, swagger-ui, JSON5, webpack/loader-utils. Vulnerabilities include access of resources using improper type leading to denial o...
Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)
Summary QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID: CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to arbitrary code execution via CVE-2021-23440
Summary IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution via CVE-2021-23440. This only affects App Connect Dashboards Vulnerability Details CVEID: CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary cod...
3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +1000 more potentially affected by CVE-2021-23440 via set-value (>=0.1.6 <=1.0.0)
set-value NPM version =0.1.6, =5.0.0, =4.0.2, =0.1.1, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...
@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2021-23440 via set-value (>=3.0.0 <=3.0.2)
set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...
CVE-2021-23440
CVE-2021-23440 is tied to a vulnerability in the Node.js set-value package (prototype pollution/type confusion) that affects versions =3.0.0
CVE-2021-23440 Prototype Pollution
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2019-10747 +1 more via set-value (>=3.0.0 <=3.0.2)
set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...