Lucene search
+L

14 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.36 views

RHEL 7 : kiali (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-axios: Regular expression denial of service in trim function CVE-2021-3749 Note that Nessus has not tested f...

7.5CVSS6.9AI score0.08515EPSS
Exploits2References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.43 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
GithubExploit
GithubExploit
added 2022/06/12 3:6 a.m.823 views

Exploit for Uncontrolled Resource Consumption in Axios

Axios Regular Expression Denial Of Service Attack This repo h...

7.8CVSS7.4AI score0.08515EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/28 5:2 p.m.34 views

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-0155, CVE-2022-0536, CVE-2021-3749

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim...

8CVSS1.2AI score0.08515EPSS
Exploits4Affected Software1
Huntr
Huntr
added 2022/03/18 4:59 p.m.213 views

Using vulnerable dependencies in package.json

Description 1. Hello team, The Showdoc is using a axios 0.17.1 dependency that is vulnerable to:👇 1. CVE-2021-3749 Regular Expression Denial of Service ReDoS 2. CVE-2020-28168 Server-Side Request Forgery SSRF 3. CVE-2019-10742 Denial of Service DoS Path to the file:...

1AI score0.08515EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2022/03/10 4:0 p.m.80 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 security update

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

9.8CVSS7AI score0.99888EPSS
Exploits3References1507
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/06 11:16 a.m.34 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-3749

Summary IBM App Connect Enterprise Certified Container may be affected by a regular expression denial of service vulnerability in axios due to CVE-2021-3749 Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of...

7.8CVSS7.3AI score0.08515EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/30 4:27 p.m.44 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Axios

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Axios. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim function. By sending a...

7.8CVSS7.3AI score0.08515EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/30 4:48 a.m.38 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-3749)

Summary IBM Integration Bus ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of...

7.8CVSS7.8AI score0.08515EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/09 6:14 p.m.42 views

Security Bulletin: A security vulnerability in Node.js axios module affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in Node.js axios module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim...

7.8CVSS1.4AI score0.08515EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2021/09/01 6:23 p.m.6 views

-lidonghui (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +54288 more potentially affected by CVE-2021-3749 via axios (>=0.10.0 <=0.21.1)

axios NPM version =0.10.0, =1.0.1, =1.0.1, =1.0.0, =1.0.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 04-17 =1.0.0 - 04-17zy =1.0.0 - 04-a =1.0.0 - 04-code =1.0.0 - 05-clima-mundo =1.0.0 - 0726react =0.1.1 - 0a =1.0.0 - 0c =1.0.0 and more Source cves: CVE-2021-3749 Source advisory:...

7.8CVSS7.1AI score0.08515EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2021/08/31 6:51 p.m.85 views

CVE-2021-3749

A Regular Expression Denial of Service ReDoS vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this...

7.8CVSS2.7AI score0.08515EPSS
Exploits2References5
Cvelist
Cvelist
added 2021/08/31 10:36 a.m.26 views

CVE-2021-3749 Inefficient Regular Expression Complexity in axios/axios

axios is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS7.7AI score0.08515EPSS
Exploits2References14
CVE
CVE
added 2021/08/31 10:36 a.m.680 views

CVE-2021-3749

CVE-2021-3749 affects the Axios package used by IBM Cloud Pak System and Node.js environments. It is a Denial of Service vulnerability via a regular-expression DoS in the trim function, exploitable by crafted input to cause high CPU usage. Remediation is to upgrade to fixed software; IBM Cloud Pa...

7.8CVSS7.4AI score0.08515EPSS
Exploits2References14Affected Software1
Rows per page
Query Builder