
7911 matches found

Cvelist
added 2024/10/08 5:00 a.m., 18 views

CVE-2024-21532

All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

CVSS 7.3 | EPSS 0.00364
Exploits 0 | References 2

NVD
added 2024/10/08 4:15 a.m., 27 views

CVE-2024-45277

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact ...

CVSS 4.3 | EPSS 0.00322
Exploits 0 | References 3

CVE
added 2024/10/08 3:21 a.m., 54 views

CVE-2024-45277

The SAP HANA Node.js client package versions 2.0.0 through 2.21.30 are affected by a Prototype Pollution vulnerability caused by improper cleanup of user input when using the nestTables feature. This allows an attacker to add arbitrary properties to global object prototypes, with low impact on av...

CVSS 4.3 | AI score 4.7 | EPSS 0.00322
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/10/08 3:21 a.m., 15 views

CVE-2024-45277 Prototype Pollution vulnerability in SAP HANA Client

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact ...

CVSS 4.3 | AI score 7 | EPSS 0.00322
Exploits 0 | References 3

Cvelist
added 2024/10/08 3:21 a.m., 22 views

CVE-2024-45277 Prototype Pollution vulnerability in SAP HANA Client

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact ...

CVSS 4.3 | EPSS 0.00322
Exploits 0 | References 3

NVD
added 2024/10/04 3:15 p.m., 14 views

CVE-2024-47183

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...

CVSS 8.1 | EPSS 0.00384
Exploits 0 | References 5

Cvelist
added 2024/10/04 3:06 p.m., 18 views

CVE-2024-47183 Parse Server's custom object ID allows to acquire role privileges

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...

CVSS 8.1 | EPSS 0.00384
Exploits 0 | References 5

IBM Security Bulletins
added 2024/10/02 10:07 a.m., 42 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities have been identified that may affect IBM Watson CP4D Data Stores. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected...

CVSS 9.1 | AI score 9.4 | EPSS 0.01916
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2024/10/01 4:15 p.m., 42 views

Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System

Summary Vulnerabilities found in components packaged with Cloud Pak System, Beego, Node.js follow-redirects module, Prototypejs, jQuery, Golang go and go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...

CVSS 9.8 | AI score 7.8 | EPSS 0.34098
Exploits 15 | Affected Software 1

IBM Security Bulletins
added 2024/09/30 4:56 p.m., 58 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

CVSS 10 | AI score 10 | EPSS 0.62015
Exploits 3 | Affected Software 1

OSV
added 2024/09/30 4:38 p.m., 22 views

RHSA-2024:1678 Red Hat Security Advisory: nodejs security update

Bulletin has no description...

CVSS 7.5 | AI score 7.8 | EPSS 0.0038
Exploits 0 | References 7

OSV
added 2024/09/30 2:21 p.m., 17 views

RHSA-2022:4914 Red Hat Security Advisory: rh-nodejs12-nodejs security, bug fix, and enhancement update

Bulletin has no description...

CVSS 9.8 | AI score 7.9 | EPSS 0.01262
Exploits 6 | References 50

OSV
added 2024/09/30 10:56 a.m., 28 views

RHSA-2023:5840 Red Hat Security Advisory: rh-nodejs14 security update

Bulletin has no description...

CVSS 7.5 | AI score 8.5 | EPSS 0.944
Exploits 19 | References 13

OSV
added 2024/09/27 11:09 a.m., 2 views

OESA-2024-2173 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to t...

CVSS 8.2 | AI score 6.8 | EPSS 0.75933
Exploits 1 | References 6

IBM Security Bulletins
added 2024/09/26 11:43 a.m., 32 views

Security Bulletin: The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js micromatch module (CVE-2024-4067).

Summary The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js micromatch module CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js...

CVSS 5.3 | AI score 6.2 | EPSS 0.00171
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2024/09/25 6:54 p.m., 17 views

Security Bulletin: Vulnerability in Node.js affects IBM watsonx.data

Summary Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this...

CVSS 6.5 | AI score 6.7 | EPSS 0.01077
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2024/09/24 5:05 a.m., 32 views

Security Bulletin: Vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, and Linux. Vulnerabilities include obtaining sensitive information, causing denial of service condition, heap-based buffer overflow, bypassing of security restrictions,...

CVSS 9.8 | AI score 10 | EPSS 0.2625
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2024/09/23 8:51 p.m., 19 views

Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...

CVSS 8.1 | AI score 7.8 | EPSS 0.00261
Exploits 0 | Affected Software 1

OSV
added 2024/09/23 3:18 a.m., 1 views

MAL-2024-8952 Malicious code in node-request-ip (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb84b66f2d901a52fe5355ab09edbd3226fb91b8c6dd7afd2ec2353390488822 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 4

Redos
added 2024/09/23 12:00 a.m., 12 views

ROS-20240923-04

A vulnerability in the Node.js software platform is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to send a covert HTTP request (HTTP Request Smuggling attack). HTTP Request Smuggling...

CVSS 6.5 | AI score 7 | EPSS 0.00529
Exploits 0