9 matches found
Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to async ( CVE-2021-43138) and nconf (CVE-2022-21803)
Summary IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution, due to the async CVE-2021-43138 and nconf CVE-2022-21803 modules for Node.js. A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise includes...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to code injection due to CVE-2022-21803
Summary Node.js module nconf is used by IBM App Connect Enterprise Certified Container operands for loading default configuration values. IBM App Connect Enterprise Certified Container IntegrationServer, Dashboard and Designer operands may be vulnerable to code injection if the configuration file...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.3.10 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2022-21803
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...
CVE-2022-21803
CVE-2022-21803 affects Node.js nconf prior to 0.11.4. When using the memory engine, a crafted property can trigger prototype pollution by modifying Object.prototype via proto or constructor payloads, potentially enabling arbitrary code execution or a denial of service. A fix is available in nconf...
CVE-2022-21803 Prototype Pollution
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...
7ghost (>=4.11.0 <=4.11.46), @absolunet/nwayo-workflow (>=3.6.0 <=3.8.2) +887 more potentially affected by CVE-2022-21803 via nconf (>=0.10.0 <=0.11.3)
nconf NPM version =0.10.0, =4.11.0, =3.6.0, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =1.2.5, =2.0.4, =1.0.0, =3.2.1, =0.0.1, =1.0.0, =0.0.1-feature-5cf2ee-kaxka2d7, =2.3.0-feature-f2daa5-kkqvjc9m and more Source cves: CVE-2022-21803 Source advisory: SNYK:JS-NCONF-2395478...