Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2D5BC3344DE0DFD1D2DF2A10A1AB6433107B4FADB03843E43C0A2163F3A55D8A
HistoryJun 23, 2021 - 1:21 p.m.

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

2021-06-2313:21:49
www.ibm.com
17

0.001 Low

EPSS

Percentile

43.3%

JSON

Summary

IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2021-33502

Vulnerability Details

CVEID:CVE-2021-33502
**DESCRIPTION:**Node.js normalize-url module is vulnerable to a denial of service, caused by a ReDoS (regular expression denial of service) flaw in the data URLs. By using a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202299 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Transformation Advisor 2.4.2, 2.4.3

Remediation/Fixes

Upgrade to 2.4.4 or later.

IBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this link.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud transformation advisoreq2.0

Related

ibm 14
cve 1
osv 7
debiancve 1
cvelist 1
redhatcve 1
prion 1
veracode 1
nessus 22
nvd 1
nodejs 1
github 1
ubuntucve 1
redhat 8
oraclelinux 3
rocky 3
almalinux 3
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)
2021-07-30 04:30:32
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:59:14
Security Bulletin: Vulnerability in Node.js normalize-url affects IBM Process Mining (CVE-2021-33502)
2023-02-01 21:30:36
cve
cve
CVE-2021-33502
2021-05-24 16:15:08
osv
osv
ReDoS in normalize-url
2021-06-08 23:11:43
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
debiancve
debiancve
CVE-2021-33502
2021-05-24 16:15:08
cvelist
cvelist
CVE-2021-33502
2021-05-24 15:42:34
redhatcve
redhatcve
CVE-2021-33502
2021-05-25 14:57:29
prion
prion
Denial of service
2021-05-24 16:15:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-05-25 07:10:20
nessus
nessus
RHEL 8 : nodejs-normalize-url (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : 12_nodejs-nodemon (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)
2021-07-28 00:00:00
nvd
nvd
CVE-2021-33502
2021-05-24 16:15:08
nodejs
nodejs
Regular Expression Denial of Service
2021-06-08 23:12:07
github
github
ReDoS in normalize-url
2021-06-08 23:11:43
ubuntucve
ubuntucve
CVE-2021-33502
2021-05-24 00:00:00
redhat
redhat
(RHSA-2021:2932) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update
2021-07-28 07:39:31
(RHSA-2021:2931) Moderate: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update
2021-07-28 07:39:24
(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
2022-05-26 16:04:07
oraclelinux
oraclelinux
nodejs:16 security, bug fix, and enhancement update
2021-12-16 00:00:00
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
nodejs and nodejs-nodemon security and bug fix update
2022-09-22 00:00:00
rocky
rocky
nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
nodejs and nodejs-nodemon security and bug fix update
2022-09-20 11:37:49
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
almalinux
almalinux
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
Moderate: nodejs and nodejs-nodemon security and bug fix update
2022-09-20 00:00:00

0.001 Low

EPSS

Percentile

43.3%

JSON
Related for 2D5BC3344DE0DFD1D2DF2A10A1AB6433107B4FADB03843E43C0A2163F3A55D8A
ibm14cve1osv7debiancve1cvelist1redhatcve1prion1veracode1nessus22nvd1nodejs1github1ubuntucve1redhat8oraclelinux3rocky3almalinux3