Lucene search
+L

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 2:42 p.m.6 views

Security Bulletin: A vulnerability in module set-value affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in node.js open source package set-value affects IBM Db2 Big SQL 7.4.2 and earlier on Cloud Pak for Data 4.6.2 and earlier Vulnerability Details CVEID:CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS8.2AI score0.02457EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:45 p.m.41 views

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in set-value Node.js, swagger-ui, JSON5, webpack/loader-utils. Vulnerabilities include access of resources using improper type leading to denial o...

9.8CVSS8.3AI score0.42326EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/06 8:2 p.m.30 views

Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)

Summary QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics...

9.8CVSS8.8AI score0.09304EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2022/08/24 1:45 p.m.88 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

9.8CVSS7AI score0.0995EPSS
Exploits7References137
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/30 4:26 p.m.42 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID: CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding...

9.8CVSS9.1AI score0.02457EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/20 11:31 a.m.31 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to arbitrary code execution via CVE-2021-23440

Summary IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution via CVE-2021-23440. This only affects App Connect Dashboards Vulnerability Details CVEID: CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary cod...

9.8CVSS1.7AI score0.02457EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2021/09/13 8:9 p.m.7 views

3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +1000 more potentially affected by CVE-2021-23440 via set-value (>=0.1.6 <=1.0.0)

set-value NPM version =0.1.6, =5.0.0, =4.0.2, =0.1.1, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

9.8CVSS7.1AI score0.02457EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/09/13 8:9 p.m.11 views

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2021-23440 via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

9.8CVSS7.1AI score0.02457EPSS
Exploits1
CVE
CVE
added 2021/09/12 12:55 p.m.310 views

CVE-2021-23440

CVE-2021-23440 is tied to a vulnerability in the Node.js set-value package (prototype pollution/type confusion) that affects versions =3.0.0

9.8CVSS8.2AI score0.02457EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2021/09/12 12:55 p.m.33 views

CVE-2021-23440 Prototype Pollution

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

7.3CVSS9.5AI score0.02457EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2021/08/12 4:49 p.m.6 views

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2019-10747 +1 more via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...

9.8CVSS7.1AI score0.02475EPSS
Exploits2
Rows per page
Query Builder