SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:0419-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0419-1 advisory. - An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: manipulation of data, spoofing, access to sensitive data. Node.js developers have released updates to address the vulnerabilities. More...
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2022-6595)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6595 advisory. - Rebase to version 16.16.0 Resolves: RHBZ2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Tenable has extracted the...
Vulnerabilities fixed IBM Integration Bus and App Connect Enterprise
IBM has fixed vulnerabilities in the Node.js and OpenSSL components of the Integration Bus and App Connect Enterprise. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS). Circumvention of...
CVE-2022-31150 CRLF injection in request headers
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains vulnerable versions of Node.js modules used in Web clients. Vulnerability Details CVEID: CVE-2021-42581 DESCRIPTION: Ramda could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...
Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
Summary Node.js npm package is vulnerable to package security bypass and an information disclosure. These vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details Third Party Entry: 173111 DESCRIPTION: Nodejs npm package security bypass CVSS...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities potentially allow a remote malicious party to launch an HTTP request smuggling attack. Such an attack could lead to unauthorized access to systems. Possible consequential damages may include gaining access to information or performin...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities
Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...
Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerabilities CVE-2021-3450 and CVE-2021-3449 Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.50...
Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2021-23337)
Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated...
Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-28500)
Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities in Node.js affecting Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i Modernization Tools, Java edition, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that affect the Cordova platform...
Vulnerabilities fixed in Node.js
Several vulnerabilities have been fixed in Node.js. A remote malicious party could potentially exploit the vulnerabilities to cause a denial-of-service. In addition, the vulnerabilities could be exploited to perform a prototype pollution attack. Depending on the Node.js application, this could...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is Impacted by Multiple Vulnerabilities
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed Node.js npm-registry-fetch, npm CLI module vulnerabilities. Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287)
Summary IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287 with details of each below. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If...
MGASA-2021-0092 Updated nodejs packages fix security vulnerabilities
Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. Upgrade from Mageia 7 to 8 problem fixed...
Security Bulletin: Public disclosed vulnerabilities from Node.js affect IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA
Summary Public disclosed vulnerabilities from Node.js affect IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...