4 matches found
Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092)
Summary There is a vulnerability in Node.js that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29059 DESCRIPTION: Node.js IS-SVG...
CVE-2021-28092
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...
CVE-2021-28092
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time...
CVE-2021-28092
CVE-2021-28092 affects the is-svg npm package for Node.js (versions 2.1.0–4.2.1), where a regex-based ReDoS can cause input processing to stall, leading to a potential denial of service. In CP4S context, remediation guidance available: upgrade Cloud Pak for Security to version 1.9.0 or later. Evi...