Security Bulletin: There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions

Summary There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-23434 DESCRIPTION: Node.js object-path module could allow a remote attack...

The vulnerability of the set function in the object-path library of the Aurora Application Software Center, related to uncontrolled changes to prototype attributes of objects, allows attackers to execute a “prototype pollution” attack.

The vulnerability of the set function in the object-path library of the Aurora application software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...