Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via proto, causing the addition...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

EUVD-2023-0515

Malicious code in bioql PyPI...

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

The vulnerability of the SemVer package manager NPM allows a hacker to trigger a service failure.

The vulnerability of the SemVer package manager NPM is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2022-25883

...

007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17780 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)

semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...

PT-2023-4569

Name of the Vulnerable Software and Affected Versions semver versions prior to 7.5.2 semver versions prior to 6.3.1 on the 6.x branch semver versions prior to 5.7.2 Description The issue is related to the use of a regular expression with inefficient computational complexity in the semver package,...

GHSA-PCC2-W6M8-X5W4 Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

GHSA-H8P8-6378-649P XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Server side request forgery (ssrf)

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

Jenkins Plugin Semantic Versioning 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A code issue vulnerabilit...

Jenkins Plugin Semantic Versioning 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...