2 matches found
Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092)
Summary There is a vulnerability in Node.js that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29059 DESCRIPTION: Node.js IS-SVG...
CVE-2021-29059
CVE-2021-29059 affects the IS-SVG library, with versions 2.1.0–4.2.2 and earlier, where a crafted invalid SVG string can trigger a Regular Expression Denial of Service (ReDOS) in the SVG validation/check process. The description does not specify affected vendors or products beyond IS-SVG, nor a p...