7 matches found
Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2021-42581 DESCRIPTION: Ramda could allow a remote attacker t...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-2596
Summary Node.js module node-fetch is used by IBM App Connect Enterprise Certified Container for some HTTP calls. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability...
4i18n-cli (>=0.0.2 <=0.0.7), @about7sharks/get-articles (>=0.0.1 <=0.0.22) +114 more potentially affected by CVE-2022-2596 via node-fetch (>=3.0.0 <=3.2.1)
node-fetch NPM version =3.0.0, =0.0.2, =0.0.1, =1.1.0, =1.273.2, =1.0.0, =7.0.0, =2.14.0, =0.9.0, =0.10.1, =0.5.1, =0.7.0 and more Source cves: CVE-2022-2596 Source advisory: OSV:GHSA-VP56-6G26-6827...
CVE-2022-2596
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...
CVE-2022-2596 Inefficient Regular Expression Complexity in node-fetch/node-fetch
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...
CVE-2022-2596
CVE-2022-2596 affects node-fetch/node-fetch prior to 3.2.10, where an inefficient regular expression can lead to denial of service. The root cause is a ReDoS in isOriginPotentiallyTrustworthy() within referrer.js. Public advisories (GitHub GHSA) confirm the vulnerability and indicate the fix is t...
CVE-2022-2596 Inefficient Regular Expression Complexity in node-fetch/node-fetch
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...