14 matches found
RHEL 7 : kiali (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-axios: Regular expression denial of service in trim function CVE-2021-3749 Note that Nessus has not tested f...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
Exploit for Uncontrolled Resource Consumption in Axios
Axios Regular Expression Denial Of Service Attack This repo h...
Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-0155, CVE-2022-0536, CVE-2021-3749
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim...
Using vulnerable dependencies in package.json
Description 1. Hello team, The Showdoc is using a axios 0.17.1 dependency that is vulnerable to:👇 1. CVE-2021-3749 Regular Expression Denial of Service ReDoS 2. CVE-2020-28168 Server-Side Request Forgery SSRF 3. CVE-2019-10742 Denial of Service DoS Path to the file:...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 security update
Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-3749
Summary IBM App Connect Enterprise Certified Container may be affected by a regular expression denial of service vulnerability in axios due to CVE-2021-3749 Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Axios
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Axios. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim function. By sending a...
Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-3749)
Summary IBM Integration Bus ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: A security vulnerability in Node.js axios module affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js axios module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim...
-lidonghui (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +54288 more potentially affected by CVE-2021-3749 via axios (>=0.10.0 <=0.21.1)
axios NPM version =0.10.0, =1.0.1, =1.0.1, =1.0.0, =1.0.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 04-17 =1.0.0 - 04-17zy =1.0.0 - 04-a =1.0.0 - 04-code =1.0.0 - 05-clima-mundo =1.0.0 - 0726react =0.1.1 - 0a =1.0.0 - 0c =1.0.0 and more Source cves: CVE-2021-3749 Source advisory:...
CVE-2021-3749
A Regular Expression Denial of Service ReDoS vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this...
CVE-2021-3749 Inefficient Regular Expression Complexity in axios/axios
axios is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3749
CVE-2021-3749 affects the Axios package used by IBM Cloud Pak System and Node.js environments. It is a Denial of Service vulnerability via a regular-expression DoS in the trim function, exploitable by crafted input to cause high CPU usage. Remediation is to upgrade to fixed software; IBM Cloud Pa...