Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat. Vulnerabilities include the flaw in Eclipse Jetty could be used to bypass the authorization imposed by the intermediary as the...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jsdiff JavaScript library

Summary Due to use of the jsdiff JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text differencing implementation. Prior to versions...

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-24001)

Summary IBM Security SOAR uses an older version of the jsdiff component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff ...

CVE-2026-24001

A flaw was found in jsdiff. A specially crafted patch input containing specific line break characters can cause the parsePatch method to enter an infinite loop, leading to uncontrolled memory consumption and a process crash, resulting in a denial of service. The applyPatch method is similarly...

DEBIAN-CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

UBUNTU-CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001

CVE-2026-24001 affects the jsdiff JavaScript library. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, parsing a patch whose filename headers contain certain line break characters (\r, \u2028, or \u2029) can cause parsePatch to enter an infinite loop, leading to unbounded memory consumption and ...

EUVD-2026-2424

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, and 4.0.4, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without...

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

Linux Distros Unpatched Vulnerability : CVE-2026-24001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers...

jsdiff security vulnerabilities

jsdiff is a text comparison library developed by Kevin Decker. Versions of jsdiff prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of patch files containing specific line breaks, which could lead to infinite loops and...

GHSA-73RR-HH4G-FPGX jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...