17 matches found
ROOT-APP-NPM-CVE-2023-45133 CVE-2023-45133 in @rootio/babel-traverse - Patched by Root
Root has patched CVE-2023-45133 in the @rootio/babel-traverse package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133
Summary IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary cod...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2023.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF028 and 23.0.1-IF006. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to arbitrary code execution due to Babel.
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to arbitrary code execution due to Babel CVE-2023-45133. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described the the CVEs listed in the "Vulnerability Details" section. Vulnerabili...
Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.11 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...
Security Bulletin: IBM QRadar User Behavior Analytics uses components with known vulnerabilities (CVE-2023-44270, CVE-2023-45133)
Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...
Security Bulletin: Babel-traverse is vulnerable to CVE-2023-45133 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses babel-traverse which is vulnerable to CVE-2023-45133. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Babel
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Babel. Vulnerability Details CVEID: CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the path.evaluateor path.evaluateTruth...
Security Bulletin: IBM Storage Fusion may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability...
Debian: Security Advisory (DLA-3618-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5528-1 : node-babel7 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5528 advisory. - Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile...
[SECURITY] [DSA 5528-1] node-babel7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5528-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 16, 2023 https://www.debian.org/security/faq -...
1st (>=0.1.0 <=0.1.45), 4paradigm_robot_service (>=0.0.1 <=0.0.16) +6380 more potentially affected by CVE-2023-45133 via @babel/traverse (>=7.0.0-beta.31 <=7.23.0)
@babel/traverse NPM version =7.0.0-beta.31, =0.1.0, =0.0.1, =0.0.0, =0.0.2, =0.0.1, =0.6.0, =0.0.1, =0.0.2, =0.0.0-manual.7283bbad, =0.28.1, =0.37.0-beta-5 - @accio-cms/server =0.0.6 - @acentswap/ace-sdk =10.4.0 and more Source cves: CVE-2023-45133 Source advisory: OSV:GHSA-67HX-6X53-JW92...
CVE-2023-45133
creationtimestamp| type| source ---|---|--- 2023-10-12 20:23:32+00:00| seen| https://t.me/cibsecurity/72192 2025-05-10 05:05:40+00:00| seen| https://gist.github.com/aestzio/801a375fd28fbecaaa4809ec962909c7 2025-11-13 11:00:00+00:00| seen|...
CVE-2023-45133
CVE-2023-45133 affects Babel’s traversal layer. The issue allows arbitrary code execution during compilation when compiling code crafted by an attacker via plugins that rely on path.evaluate() or path.evaluateTruthy(). Affected in: @babel/traverse prior to 7.23.2 and 8.0.0-alpha.4, and all versio...