Security vulnerabilities have been reported in IBM® SDK for Node.js™ that affect IBM® SDK for Node.js™ in IBM Cloud.
CVE(s): CVE-2018-7158, CVE-2018-7159, CVE-2018-7160
Affected product(s) and affected version(s):
These vulnerabilities affect IBM SDK for Node.js v6.12.0.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.9.0.0 and earlier releases.
You can also find this file through the command-line Cloud Foundry client by running the following command:
cf ssh <appname> -c cat staging_info.yml
Look for the following lines:
{“detected_buildpack”:”SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)”,”start_command”:”./vendor/initial_startup.rb”}
If the Node.js engine version is not at least v6.14.3 or v8.11.3 your application may be vulnerable.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22011860
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143449
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143448
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143447
The post IBM Security Bulletin: Security vulnerabilities in IBM® SDK for Node.js™ affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2OPnJBw
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.