May 4, 2020 8:00 pm EDT
Categorized: Medium Severity
Share this post:
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
Affected product(s) and affected version(s):
All supported versions (10.x, and 12.x) of Node.js are vulnerable.
Through the command-line Cloud Foundry client run the following command:
cf ssh <appname> -c “cat app/logs/staging_task.log” | grep “Installing node”
—–> Installing node 10.19.0
Alternatively, through the command-line Cloud Foundry client run the following command:
$ cf ssh <appname> -c “cat app/logs/staging_task.log” | grep “IBM SDK for Node.js”
—–> IBM SDK for Node.js Buildpack v4.2-20200227-1649
If the Buildpack version is not at least v4.2.1 your application may be vulnerable.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6205708
from IBM Product Security Incident Response Team https://ift.tt/2W3k3lp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.