7912 matches found

NVD
added 2024/08/20 3:15 p.m. | 14 views

CVE-2024-43409

Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...

6.5 CVSS | 0.00454 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/20 3:5 p.m. | 14 views

CVE-2024-43409 Ghost's improper authentication allows access to member information and actions

Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...

6.5 CVSS | 6.7 AI score | 0.00454 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2024/08/20 3:5 p.m. | 13 views

CVE-2024-43409 Ghost's improper authentication allows access to member information and actions

Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...

6.5 CVSS | 7 AI score | 0.00454 EPSS
Exploits: 0 | References: 2

CVE
added 2024/08/20 3:5 p.m. | 87 views

CVE-2024-43409

CVE-2024-43409 concerns Ghost, a Node.js CMS, with an improper authentication flaw on several member-action endpoints. The issue allows an attacker to perform member-only actions and read member information when exploiting vulnerable versions. Affected range includes Ghost v4.46.0–v5.89.4, with a...

6.5 CVSS | 6.5 AI score | 0.00454 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/08/20 3:5 p.m. | 20 views

CVE-2024-43409 Ghost's improper authentication allows access to member information and actions

Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this iss...

6.5 CVSS | 0.00454 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/08/19 4:35 p.m. | 25 views

Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-36138)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...

8.1 CVSS | 7.9 AI score | 0.00261 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/16 9:8 a.m. | 35 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities (CVE-2024-37890, CVE-2024-37891)

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in an update. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denia...

7.5 CVSS | 5.8 AI score | 0.00541 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/15 4:26 p.m. | 28 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws (CVE-2024-37890)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NU...

7.5 CVSS | 7.3 AI score | 0.00541 EPSS
Exploits: 0 | Affected Software: 1

NVD
added 2024/08/15 3:15 p.m. | 16 views

CVE-2024-43373

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

7.8 CVSS | 0.00209 EPSS
Exploits: 1 | References: 3

CVE
added 2024/08/15 2:31 p.m. | 65 views

CVE-2024-43373

CVE-2024-43373 - webcrack : A Windows-specific arbitrary file write vulnerability exists in the webcrack module when processing crafted code with the unpack bundles and saving features. The root cause is a path traversal check that can be bypassed due to using POSIX path utilities, allowing an at...

7.8 CVSS | 8 AI score | 0.00209 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/08/15 2:31 p.m. | 20 views

CVE-2024-43373 webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

7.7 CVSS | 0.00209 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2024/08/15 2:31 p.m. | 20 views

CVE-2024-43373 webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

7.7 CVSS | 7.7 AI score | 0.00209 EPSS
Exploits: 1 | References: 3

Amazon
added 2024/08/15 12:0 a.m. | 3 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This...

6.5 CVSS | 7.3 AI score | 0.00529 EPSS
Exploits: 1

OSV
added 2024/08/14 6:1 p.m. | 14 views

GHSA-CCQH-278P-XQ6W webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path...

7.7 CVSS | 7.8 AI score | 0.00209 EPSS
Exploits: 1 | References: 5

GitHub Security Blog
added 2024/08/14 6:1 p.m. | 24 views

webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path...

7.8 CVSS | 7.7 AI score | 0.00209 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

IBM Security Bulletins
added 2024/08/14 9:31 a.m. | 71 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

10 CVSS | 9.5 AI score | 0.8434 EPSS
Exploits: 2 | Affected Software: 1

Tenable Nessus
added 2024/08/13 12:0 a.m. | 25 views

Security Updates for Azure CycleCloud (August 2024)

The Azure CycleCloud product is missing security updates. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exists due to a disclosure of the storage credentials. An authenticated, remote attacker can exploit this to bypass authentication and...

7.8 CVSS | 7.5 AI score | 0.00879 EPSS
Exploits: 0 | References: 6

Redos
added 2024/08/12 12:0 a.m. | 16 views

ROS-20240812-08

Node.js software platform vulnerability is related to mismanagement of code generation. Exploitation: The vulnerability could allow a remote attacker to activate arbitrary code with elevated privileges when handling CAPNETBINDSERVICE exceptions...

7.8 CVSS | 7.4 AI score | 0.00448 EPSS
Exploits: 0

IBM Security Bulletins
added 2024/08/08 8:1 p.m. | 16 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js semver ( CVE-2022-25883 )

Summary Node.js semver is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new Range...

7.5 CVSS | 8 AI score | 0.00581 EPSS
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2024/08/08 7:46 p.m. | 16 views

CVE-2024-42459

A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues. Mitigation Mitigation fo...

5.3 CVSS | 5.2 AI score | 0.00131 EPSS
Exploits: 1 | References: 4