8 matches found
CVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...
Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to denial of service due to Node.js, isaacs node-tar, ShowdownJS
Summary IBM Fusion HCI and IBM Fusion's graphical user interface are vulnerable to a denial of service due to Node.js, isaacs node-tar, and ShowdownJS. CVE-2024-4068, CVE-2024-28863, CVE-2024-1899. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar, caused by the lack of folders count validation CVE-2024-28863. Isaacs node-tar is used by our Speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar, caused by the lack of folders count validation CVE-2024-28863. Isaacs node-tar is used by our Speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation...
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...