Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to exposure of sensitive information, SSRF and gaining elevated privileges

Summary IBM Fusion HCI and IBM Fusion user interfaces are affected by vulnerabilities in Node.js packages follow-redirects, axios, webpack, and Go package Beego. Vulnerabilities include remote authenticated exposure of sensitive information, server-side request forgery, and cross-site scripting...

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 286 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CWE:CWE-345:...

Security Bulletin: IBM Cognos Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Controller. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direc...

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in IBM® Websphere Application Server Liberty and Open-Source Software OSS components used by IBM Controller. Additionally, due to weak password requirements, IBM Controller is susceptible to compromised user accounts. Please refer to the table in the Related...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2024-22020 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system. By embedding...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-22017 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid to drop all privileges due to...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-21501 DESCRIPTION: Node.js sanitize-html module could allow a remote attacker to obtain...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...

RHEL 6 / 7 : rh-nodejs6-nodejs (RHSA-2017:2908)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2908 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. T...

CVE-2025-32379

Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...

CVE-2025-32379

CVE-2025-32379 (Koa, Node.js): In koa < 2.16.1 and

Node.js: Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string.

In Node.js, the ReadFileUtf8 internal binding was found to have a memory leak due to a corrupted pointer in uvfss.file. A UTF-16 path buffer was allocated and subsequently overwritten when the file descriptor was set, leading to an unrecoverable memory leak on every call...

PT-2025-19349 · Npm · Js-Object-Utilities

Vulnerability type: Prototype Pollution Affected Package: Product: js-object-utilities Version: 2.2.0 Remedy: Update package to version 2.2.1. Vulnerability Locations: js at module.exports /node modules/js-object-utilities/dist/set.js:16:29 Description: The latest version of js-object-utilities...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-22019)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22019 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP reque...

[SECURITY] Fedora 41 Update: nodejs-nodemon-3.1.9-3.fc41

Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...

[SECURITY] Fedora 40 Update: nodejs-nodemon-3.1.9-3.fc40

Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...

The vulnerability of the diagnostics_channel utility in the Node.js software platform allows a hacker to bypass established security restrictions.

The vulnerability of the diagnosticschannel utility in the Node.js software platform is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to circumvent established security restrictions...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node,js dicer, CVE-2022-24434, Redis...