Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Golang (CVE-2024-45336)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2024-45336 Vulnerability Details CVEID:CVE-2024-45336 DESCRIPTION: The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an...