Lucene search
+L

13 matches found

ibm
ibm
added 2025/02/26 6:40 p.m.18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.31 views

Security Bulletin: IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863

Summary IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863. This bulletin contains information regarding the vulnerability and its...

9.8CVSS9.1AI score0.91969EPSS
Exploits6Affected Software1
ibm
ibm
added 2024/07/31 11:1 a.m.49 views

Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.13 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is vulnerable to a denial of...

9.8CVSS10AI score0.60679EPSS
Exploits5Affected Software1
ibm
ibm
added 2024/04/19 8:36 p.m.36 views

Security Bulletin: IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...

9.8CVSS7.8AI score0.01422EPSS
Exploits0Affected Software1
ibm
ibm
added 2024/04/16 3:42 p.m.50 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and remote attack due to node.js jose module and jsonata-js JSONata (CVE-2024-28176, CVE-2024-27307)

Summary The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js jose module and jsonata-js JSONata. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jos...

9.8CVSS6.8AI score0.02085EPSS
Exploits0Affected Software1
ibm
ibm
added 2024/04/02 10:25 a.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container instances that run or edit flows containing JSONata mapping are vulnerable to arbitrary code execution due to [CVE-2024-27307]

Summary JSONata is used by IBM App Connect Enterprise Certified Container flows for mapping and extracting values within a JSON document. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run or edit flows containing JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
nvd
nvd
added 2024/03/06 8:15 p.m.19 views

CVE-2024-27307

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS9.8AI score0.01422EPSS
Exploits0References5
cgr
cgr
added 2024/03/06 8:15 p.m.259 views

CVE-2024-27307 vulnerabilities

Vulnerabilities for packages: renovate...

9.8CVSS7.1AI score0.01422EPSS
Exploits0
wolfi
wolfi
added 2024/03/06 8:15 p.m.52 views

CVE-2024-27307 vulnerabilities

Vulnerabilities for packages: renovate...

9.8CVSS7.3AI score0.01422EPSS
Exploits0
vulnrichment
vulnrichment
added 2024/03/06 7:24 p.m.17 views

CVE-2024-27307 JSONata expression can pollute the "Object" prototype

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS7.6AI score0.01422EPSS
Exploits0References5
cve
cve
added 2024/03/06 7:24 p.m.402 views

CVE-2024-27307

CVE-2024-27307 (JSONata) is a prototype-pollution vulnerability in JSONata.js. Starting with 1.4.0 and affecting versions prior to 1.8.7 and 2.0.4, a malicious JSONata expression can abuse the transform operator to override properties on Object and Object.prototype, enabling denial of service, re...

9.8CVSS9.7AI score0.01422EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2024/03/06 7:24 p.m.29 views

CVE-2024-27307 JSONata expression can pollute the "Object" prototype

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS9.9AI score0.01422EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2024/03/04 8:43 p.m.6 views

@bifravst/muninn-proto (>=5.0.0 <=5.2.0-chart-proto.1), @cenk1cenk2/renovate-config (>=2.3.132 <=2.3.148) +9 more potentially affected by CVE-2024-27307 via jsonata (=2.0.3)

jsonata NPM version =2.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on jsonata and may be impacted: - @bifravst/muninn-proto =5.0.0, =2.3.132, =1.0.0, =1.0.0, =0.14.0, =5.1.0, =4.0.0, =1.0.7, =36.7.0, =37.227.0 Source cves: CVE-2024-27307 Source...

9.8CVSS7.1AI score0.01422EPSS
Exploits0
Rows per page
Query Builder