IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix
Aug 15, 2017 10:00 am EDT
Categorized: High Severity
Vulnerabilities in Node.js and the c-ares library were disclosed on July 11, 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs.
CVE(s): CVE-2017-1000381, CVE-2017-11499
Affected product(s) and affected version(s):
These vulnerabilities affect IBM SDK for Node.js v4.8.3 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v6.11.0.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.1.2.0 and earlier releases.
You can also find this file through the command-line Cloud Foundry client by running the following command:
cf ssh
Look for the following lines:
{"detected_buildpack":"SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)","start_command":"./vendor/initial_startup.rb"}
If the Node.js engine version is not at least v4.8.4, v6.11.1, or v8.1.4.0, your application may be vulnerable.
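A version check implementing the rule above, as an added example that is not IBM's code. The function names are hypothetical, the minimums are the ones stated in this bulletin, and release lines the bulletin does not list are reported as unknown rather than guessed.

```javascript
// Added example. Fixed minimums per release line, as stated in this bulletin.
// IBM SDK versions may carry a fourth component (e.g. 8.1.4.0), so every
// version is normalised to four integers before comparing.
const FIXED_MINIMUMS = {
  4: [4, 8, 4, 0],
  6: [6, 11, 1, 0],
  8: [8, 1, 4, 0],
};

// Parse "v6.11.0", "6.11.0.0" or "v8.1.4.0" into [major, minor, patch, build].
// Returns null for anything that is not a 3- or 4-part numeric version.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?$/.exec(String(text).trim());
  if (!m) return null;
  return m.slice(1, 5).map((p) => (p === undefined ? 0 : Number(p)));
}

// Numeric, component-wise comparison (so 8.10.0 sorts after 8.1.4).
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "affected", "fixed", or "unknown" (unparseable input, or a
// release line this bulletin says nothing about).
function classify(versionText) {
  const v = parseVersion(versionText);
  if (v === null) return "unknown";
  const minimum = FIXED_MINIMUMS[v[0]];
  if (minimum === undefined) return "unknown";
  return compareVersions(v, minimum) < 0 ? "affected" : "fixed";
}

// Classify the runtime executing this script.
console.log(`${process.version}: ${classify(process.version)}`);
```

Run it inside the application container so that `process.version` reflects the engine the buildpack actually installed.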
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wMne2m
X-Force Database: http://ift.tt/2h8Xc5H
X-Force Database: http://ift.tt/2h8Xb1D
from IBM Product Security Incident Response Team http://ift.tt/2vzTgQh