MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

ROOT-APP-NPM-CVE-2022-25881 CVE-2022-25881 in @rootio/http-cache-semantics - Patched by Root

Root has patched CVE-2022-25881 in the @rootio/http-cache-semantics package for Root:npm. Multiple fixed versions available...

RockyLinux 9 : nodejs:18 (RLSA-2023:2654)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

EUVD-2023-0544

Malicious code in bioql PyPI...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js http-cache-semantics module ( CVE-2022-25881 )

Summary Node.js http-cache-semantics module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

Security Bulletin: Vulnerability in Node.js http-cache-semantics affects IBM Cloud Pak System

Summary Vulnerability in Node.js http-cache-semantics affects IBM Cloud Pak SystemCVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sendi...

Security Bulletin: A vulnerability in Node.js http-cache-semantics package affects Data Replication on Cloud Pak for Data

Summary A vulnerability in Node.js http-cache-semantics package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of...

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

RHEL 9 : nodejs (RHSA-2023:5533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...

Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and improper file download via http-cache-semantics, Gin-Gonic, and YAML (CVE-2022-25881, CVE-2023-2251, CVE-2023-29401)

Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be vulnerable to denial of service via http-cache-semantics, denial of service via TypeScript's yaml and improper file attachment download for Node.js's http-cache-semantics as...

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities, based on current information, in the following 3rd-party components: Stanford coreNLP, FasterXML jackson-databind, SnakeYAML, Dromera Hutool, jsoup, Node.js vm2 and Node.js http-cache-semantics. These...

Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Node.js http-cache-semantics modulewhich is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service ( CVE-2022-25881)

Summary Potential Node.js http-cache-semantics module denial of service CVE-2022-25881 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js...

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]

An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js http-cache-semantics module (CVE-2022-25881)

Summary A vulnerability in Node.js http-cache-semantics module used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

AlmaLinux 9 : nodejs:18 (ALSA-2023:2654)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-490...

Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...