IBM Event Streams has addressed the following vulnerabilities
CVEID:CVE-2018-16487
DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVEID: CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and associated resources to stay alive for a long period of time, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158093> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM Event Streams 2018.3.0
IBM Event Streams 2018.3.1
Upgrade to IBM Event Streams 2019.1.1 which is available from Passport Advantage.
CPE | Name | Operator | Version |
---|---|---|---|
ibm event streams | eq | any |