19 matches found
Arbitrary Code Injection
Overview lodash-amd is Lodash exported as AMD modules. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the improper validation of options.imports key names in _.template. An attacker can execute arbitrary code at template compilation time by injecting malicious...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilities
Summary Multiple open source vulnerabilities affect Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487)
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js lodash module CVE-2018-16487 Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a...
Security Bulletin: CVE-2020-8203
Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute...
Security Bulletin: Potential vulnerability with Node.js lodash module
Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servic...
Vulnerability fixed in IBM Integration Bus
A vulnerability has been fixed in IBM Integration Bus. A malicious party could potentially exploit the vulnerability in the JavaScript lodash module to execute arbitrary commands on the underlying system. IBM has released updates to fix the vulnerability. For more...
Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in...
Security Bulletin: A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection fla...
Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Infrastructure Management.
Summary Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: Se...
Security Bulletin: Potential vulnerability with Node.js lodash module
Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...
Security Bulletin: Node.js module upgrade for IBM Cloud Pak for Data Streams Flows
Summary A Node.js module has released an update that addresses a security issue. It is recommended to upgrade the module. Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...
Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11
Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)
Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-8203 Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183560 fo...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability.
Summary IBM Cloud Transformation Advisor has addressed a Node.js lodash module vulnerability. Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...
Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.
Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js Prototype Pollution vulnerability
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js lodash module CVE-2019-10744 Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...