19 matches found
Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data
Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...
EUVD-2025-12478
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-46653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoi...
Insecure Randomness
Formidable is vulnerable to Insecure Randomness. The vulnerability is due to weak randomness due to the use of the non-cryptographically secure hexoid module for generating temporary filenames for untrusted content...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
DEBIAN-CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
UBUNTU-CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
formidable 安全特征问题漏洞
formidable is a Node.js module for formidable for parsing form data, especially file uploads. A security signature issue vulnerability exists in versions of formidable prior to 2.1.0 through 3.5.3, which stems from an insufficiently secure filename generated by hexoid, which could lead to the...
PT-2025-17962
Name of the Vulnerable Software and Affected Versions Formidable versions 2.1.0 through 3.x before 3.5.3 Description The issue relies on hexoid to prevent guessing of filenames for untrusted executable content. However, hexoid is documented as not cryptographically secure. There is a scenario in...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
CVE-2025-46653 affects Formidable (node-formidable) 2.1.0–3.x up to 3.5.3. The issue is that it relies on hexoid to prevent filename guessing for untrusted executable content, but hexoid is not cryptographically secure, which could enable guessing of hexoid strings in some cases. The IBM security...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
Insecure Randomness
Overview Affected versions of this package are vulnerable to Insecure Randomness due to its use of the hexoid function in the generation of fingerprint IDs. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Vulnerability Report Credit: ZAST.AI...