Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:57 p.m.52 views

Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092)

Summary There is a vulnerability in Node.js that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29059 DESCRIPTION: Node.js IS-SVG...

7.5CVSS7.5AI score0.02813EPSS
Exploits1Affected Software1
NVD
NVD
added 2021/03/12 10:15 p.m.27 views

CVE-2021-28092

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...

7.5CVSS0.02168EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/03/12 9:31 p.m.33 views

CVE-2021-28092

The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...

7.7AI score0.02168EPSS
Exploits0References4
CVE
CVE
added 2021/03/12 9:31 p.m.204 views

CVE-2021-28092

CVE-2021-28092 affects the is-svg npm package for Node.js (versions 2.1.0–4.2.1), where a regex-based ReDoS can cause input processing to stall, leading to a potential denial of service. In CP4S context, remediation guidance available: upgrade Cloud Pak for Security to version 1.9.0 or later. Evi...

7.5CVSS7.2AI score0.02168EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder