8 matches found
Security Bulletin: Vulnerabilities in path-to-regexp affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in path-to-regexp has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...
Security Bulletin: Vulnerabilities in path-to-regexp affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in path-to-regexp has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...
Security Bulletin: IBM Sterling External Authentication Server is vuulnerable due to path-to-regexp (CVE-2024-45296).
Summary IBM Sterling External Authentication Server uses the npm path-to-regexp, which is vulnerable to CVE-2024-45296. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION:...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to path-to-regexp (CVE-2024-52798)
Summary path-to-regexp is vulnerable to a backtracking attack. This vulnerability affects IBM Spectrum Control. CVE-2024-52798. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-0.1.10.tgz CVE-2024-52798
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-0.1.10.tgz CVE-2024-52798. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular...
path-to-regexp contains a ReDoS
Impact The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296 Patches Upgrade to 0.1.12. Workarounds Avoid using two parameters within a single path segment, when the separator is not . e.g. no...
find-my-way has a ReDoS vulnerability in multiparametric routes
Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...