9 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-36665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf...
Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2023-36665)
Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-36665. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary co...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]
Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...
Security Bulletin: protobuf.js component is vulnerable which is used by IBM Maximo Application Suite [CVE-2023-36665]
Summary IBM Maximo Application Suite uses protobuf.js package which is vulnerable to CVE-2023-36665. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototyp...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to [CVE-2023-36665]
Summary Node.js module protobuf.js is used by IBM App Connect Enterprise Certified Container by the Google PubSub node. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Google PubSub node are vulnerable to arbitrary code execution. This...
CVE-2023-36665
"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...
CVE-2023-36665
CVE-2023-36665 affects protobuf.js (protobufjs) 6.10.0 through 7.x, before 7.2.5. A user‑controlled protobuf message can pollute Object.prototype by adding/overwriting its data and functions. Exploitation paths include: 1) parse, 2) loading .proto files via load/loadSync, or 3) untrusted input to...
CVE-2023-36665
"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...
CVE-2023-36665
"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...