10 matches found
multiparty security vulnerability
multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. multiparty versions 4.2.3 and earlier contain security vulnerabilities that stem from unhandled exceptions, which may lead to denial-of-service attacks...
Path-to-RegExp security vulnerability
Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp before 8.4.0 have a security vulnerability. This vulnerability stems from defects in the regular expressions generated when using multiple wildcards...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)
Summary: pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI (CVE-2024-45296). Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296).
Summary: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial...
Security Bulletin: A pillarjs path-to-regexp vulnerability affects IBM Safer Payments (CVE-2024-45296)
Summary: pillarjs path-to-regexp is used by IBM Safer Payments as part of UI navigation routes. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: IBM Security SOAR is vulnerable to denial of service (CVE-2024-45296)
Summary: IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side regular expression denial of service (CVE-2024-45296). The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later...
path-to-regexp security vulnerability
Path-to-RegExp is an open source tool from pillarjs. It is used to convert path strings to regular expressions. A security vulnerability exists in versions prior to path-to-regexp 0.1.12. An attacker exploiting this vulnerability can cause poor performance...
Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.
Summary: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details: CVEID: CVE-2024-43799. DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...
send cross-site scripting vulnerability
send is a pillarjs open source library for streaming files from the file system as HTTP responses. A cross-site scripting vulnerability exists in send versions prior to 0.19.0 that stems from passing untrusted user input to SendStream.redirect to execute untrusted code...
Path-to-RegExp security vulnerability
Path-to-RegExp is an open source tool from pillarjs. It is used to convert path strings to regular expressions. A security vulnerability exists in Path-to-RegExp, which stems from the fact that backtracking a regular expression could lead to a denial of service...