Lucene search
+L

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/12/22 9:28 a.m.32 views

Security Bulletin: A security vulnerability in Node.js vm2 affects IBM Cloud Pak for Multicloud Management Managed Services [CVE-2021-23555] and [CVE-2021-23449]

Summary A security vulnerability in Node.js vm2 affects IBM Cloud Pak for Multicloud Management Managed Services CVE-2021-23555 and CVE-2021-23449 has been addressed in IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 5. Vulnerability Details CVEID:CVE-2021-23555 DESCRIPTION: Node.js vm2 modu...

10CVSS9.9AI score0.03476EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/03 4:49 p.m.37 views

Security Bulletin: A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23449 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or...

10CVSS9.5AI score0.03476EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2021/10/19 3:28 p.m.45 views

2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4126 more potentially affected by CVE-2021-23449 via vm2 (>=1.0.1 <=3.9.3)

vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2021-23449 Source advisory: OSV:GHSA-RJF2-J2R6-Q8GR...

10CVSS7.2AI score0.03476EPSS
Exploits1
OSV
OSV
added 2021/10/18 5:15 p.m.22 views

CVE-2021-23449

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine...

10CVSS9.5AI score
Exploits0References5
CVE
CVE
added 2021/10/18 4:40 p.m.71 views

CVE-2021-23449

The CVE-2021-23449 entry concerns the Node.js vm2 package (pre-3.9.4). A Prototype Pollution flaw allows an attacker to modify Object.prototype via proto /constructor payloads, which can lead to sandbox escape and execution of arbitrary code on the host. Impact is described as remote code executi...

10CVSS9.6AI score0.03476EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2021/10/18 4:40 p.m.30 views

CVE-2021-23449 Sandbox Bypass

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine...

9.8CVSS9.8AI score0.03476EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2021/09/17 11:4 a.m.5 views

2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4124 more potentially affected by CVE-2021-23449 via vm2 (>=3.0.0 <=3.9.3)

vm2 NPM version =3.0.0, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2021-23449 Source advisory: SNYK:JS-VM2-1585918...

10CVSS7.2AI score0.03476EPSS
Exploits1
Rows per page
Query Builder