Security Bulletin: IBM Event Endpoint Management is vulnerable to a Directory Traversal (or path traversal) attack (CVE-2024-21540).

Summary Operator of IBM Event Endpoint Management is vulnerable to a Directory Traversal or path traversal attack due to the source-map-support library. It helps to show original source code in error stack traces for better debugging. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in source-map-support

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of source-map-support. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function. CWE:CWE-22: Improper...

Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in all versions of the package source-map-suppor has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...

CVE-2024-21540

Rejected reason: This issue is not a vulnerability because no real attack scenario can happen...

CVE-2024-21540

...

CVE-2024-21540

CVE-2024-21540: Directory Traversal in the retrieveSourceMap function of the source-map-support package. Affected IBM products (as per IBM security bulletins) include Instana/Process Mining and IBM Event Processing components, with multiple builds affected. Root cause: improper handling of pathna...

CVE-2024-21540

...

编号撤回

npm Source Map Support is a library from npm USA. This CVE number has been withdrawn...