Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Vulnerability Details

Basic Information

Title Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation
Type ibm
Published 2025-04-29T02:39:53
Last Seen 2025-04-29T11:05:57
CVSS Score 10.0 (CRITICAL)

CVSS v3 Details

Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope CHANGED
Confidentiality Impact LOW
Integrity Impact HIGH
Availability Impact HIGH

CVE Information

CVE IDs CVE-2012-5783, CVE-2018-25031, CVE-2018-3737, CVE-2019-10744, CVE-2019-18413, CVE-2019-9674, CVE-2020-14039, CVE-2020-15366, CVE-2020-15586, CVE-2020-16845, CVE-2020-24553, CVE-2020-28500, CVE-2020-29582, CVE-2020-7677, CVE-2020-8203, CVE-2021-22963, CVE-2021-22964, CVE-2021-23337, CVE-2021-23343, CVE-2021-23362, CVE-2021-27918, CVE-2021-3114, CVE-2021-31525, CVE-2021-32640, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-36221, CVE-2021-3664, CVE-2021-3749, CVE-2021-3765, CVE-2021-39293, CVE-2021-41771, CVE-2021-41772, CVE-2021-43138, CVE-2021-44716, CVE-2021-44717, CVE-2021-44906, CVE-2021-46708, CVE-2022-0155, CVE-2022-0235, CVE-2022-0512, CVE-2022-0536, CVE-2022-0639, CVE-2022-0686, CVE-2022-0691, CVE-2022-1705, CVE-2022-1962, CVE-2022-23772, CVE-2022-23806, CVE-2022-24329, CVE-2022-24434, CVE-2022-24675, CVE-2022-24921, CVE-2022-24999, CVE-2022-25883, CVE-2022-25901, CVE-2022-27664, CVE-2022-28131, CVE-2022-28327, CVE-2022-2835, CVE-2022-2837, CVE-2022-28391, CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-29804, CVE-2022-30065, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189, CVE-2022-3517, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-39266, CVE-2022-41715, CVE-2022-41716, CVE-2022-41717, CVE-2022-41720, CVE-2022-41722, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-0833, CVE-2023-0842, CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-26108, CVE-2023-26115, CVE-2023-29400, CVE-2023-29403, CVE-2023-29406, CVE-2023-29409, CVE-2023-39325, CVE-2023-42282, CVE-2023-45283, CVE-2023-45287, CVE-2023-45288, CVE-2023-45857, CVE-2023-5568, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-0727, CVE-2024-0760, CVE-2024-10491, CVE-2024-11168, CVE-2024-11187, CVE-2024-12254, CVE-2024-12705, CVE-2024-1737, 
CVE-2024-1975, CVE-2024-20696, CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197, CVE-2024-21198, CVE-2024-21199, CVE-2024-21201, CVE-2024-21203, CVE-2024-21207, CVE-2024-21212, CVE-2024-21213, CVE-2024-21218, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231, CVE-2024-21236, CVE-2024-21237, CVE-2024-21238, CVE-2024-21239, CVE-2024-21241, CVE-2024-21247, CVE-2024-21534, CVE-2024-22365, CVE-2024-24790, CVE-2024-24791, CVE-2024-24806, CVE-2024-24828, CVE-2024-26462, CVE-2024-27088, CVE-2024-28849, CVE-2024-28863, CVE-2024-29041, CVE-2024-29415, CVE-2024-29651, CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-34447, CVE-2024-3596, CVE-2024-37890, CVE-2024-38808, CVE-2024-38809, CVE-2024-3882, CVE-2024-38820, CVE-2024-38821, CVE-2024-38829, CVE-2024-39249, CVE-2024-4067, CVE-2024-4068, CVE-2024-4076, CVE-2024-41909, CVE-2024-43788, CVE-2024-43796, CVE-2024-43800, CVE-2024-45296, CVE-2024-45337, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-45590, CVE-2024-45801, CVE-2024-47554, CVE-2024-47875, CVE-2024-48948, CVE-2024-48949, CVE-2024-48957, CVE-2024-48958, CVE-2024-49766, CVE-2024-49767, CVE-2024-50379, CVE-2024-52798, CVE-2024-55565, CVE-2024-56201, CVE-2024-56326, CVE-2024-56337, CVE-2024-8088, CVE-2024-9287
CWE
Bulletin Family software

Description

## Summary

Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5.

## Vulnerability Details

**CVEID:** CVE-2024-47875
**DESCRIPTION:** DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
**CWE:** CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
**CVSS Source:** GitHub
**CVSS Base score:** 10
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H)

**CVEID:** CVE-2021-23343
**DESCRIPTION:** path-parse is vulnerable to a denial of service. By sending a specially crafted request via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS).
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2023-0833
**DESCRIPTION:** Red Hat AMQ-Streams could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the OkHttp component. By sending a specially crafted request, an attacker could exploit this vulnerability to access information outside of their regular permissions.
**CWE:** CWE-209: Generation of Error Message Containing Sensitive Information
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.2
**CVSS Vector:** (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2022-23806
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by the IsOnCurve function returning true for invalid field elements. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a panic in ScalarMult, resulting in a denial of service condition.
**CWE:** CWE-252: Unchecked Return Value
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2023-24538
**DESCRIPTION:** Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them, since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With the fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.
**CWE:** CWE-94: Improper Control of Generation of Code ('Code Injection')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.8
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2023-24540
**DESCRIPTION:** Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
**CWE:** CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.8
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2024-55565
**DESCRIPTION:** nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
**CWE:** CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
**CVSS Source:** CISA ADP
**CVSS Base score:** 4.3
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2021-3114
**DESCRIPTION:** An unspecified error in the P224() curve implementation in Golang Go, which can generate incorrect outputs, has an unknown impact and attack vector.
**CWE:** CWE-682: Incorrect Calculation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:** (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2021-34558
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by the failure to properly assert that the type of public key in an X.509 certificate matches the expected type in the crypto/tls package. By persuading a victim to connect to a specially crafted TLS server, a remote attacker could exploit this vulnerability to cause a TLS client to panic.
**CWE:** CWE-295: Improper Certificate Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2021-44717
**DESCRIPTION:** Golang Go could allow a remote attacker to bypass security restrictions, caused by an error in the syscall.ForkExec() interface. By causing the erroneous closing of file descriptor 0 after file-descriptor exhaustion, an attacker could exploit this vulnerability to compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
**CWE:** CWE-404: Improper Resource Shutdown or Release
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.8
**CVSS Vector:** (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2022-1705
**DESCRIPTION:** Golang Go is vulnerable to HTTP request smuggling, caused by the acceptance of some invalid Transfer-Encoding headers by the HTTP/1 client in net/http. By sending a specially crafted HTTP(S) Transfer-Encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
**CWE:** CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2022-1962
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a stack exhaustion flaw in all Parse* functions. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a panic, resulting in a denial of service condition.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.2
**CVSS Vector:** (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-29526
**DESCRIPTION:** Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the Faccessat function when called with a non-zero flags parameter. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain accessible file information, and use this information to launch further attacks against the affected system.
**CWE:** CWE-269: Improper Privilege Management
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** CVE-2022-41717
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw when handling HTTP/2 requests in the Go server. By sending specially crafted keys, a remote attacker could exploit this vulnerability to cause excessive memory growth, resulting in a denial of service condition.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2023-24532
**DESCRIPTION:** An unspecified error that returns an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 curve in Golang Go has an unknown impact and attack vector.
**CWE:** CWE-682: Incorrect Calculation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2023-29406
**DESCRIPTION:** Golang Go is vulnerable to HTTP header injection, caused by improper validation of the contents of the Host header by the HTTP/1 client. By persuading a victim to visit a specially crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which allows the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
**CWE:** CWE-436: Interpretation Conflict
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:** CVE-2023-29409
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker could exploit this vulnerability to cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
**CWE:** CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.7
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2021-43138
**DESCRIPTION:** Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues() method. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:** CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:** (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2022-30629
**DESCRIPTION:** Golang Go could allow a remote attacker to obtain sensitive information, caused by session tickets generated by crypto/tls not containing a randomly generated ticket_age_add. By comparing ticket ages during session resumption, an attacker could exploit this vulnerability to observe TLS handshake information and correlate successive connections.
**CWE:** CWE-330: Use of Insufficiently Random Values
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2023-0842
**DESCRIPTION:** xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
**CWE:** CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2020-7677
**DESCRIPTION:** The Node.js thenify module could allow a remote attacker to execute arbitrary code on the system, caused by improper sanitization in the eval function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.6
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

**CVEID:** CVE-2024-50379
**DESCRIPTION:** Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
**CWE:** CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
**CVSS Source:** CISA ADP
**CVSS Base score:** 9.8
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2024-49766
**DESCRIPTION:** Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.
**CWE:** CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
**CVSS Source:** [email protected]
**CVSS Base score:** 6.3
**CVSS Vector:** (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)

**CVEID:** CVE-2024-49767
**DESCRIPTION:** Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all Flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
**CWE:** CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 6.9
**CVSS Vector:** (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)

**CVEID:** CVE-2022-37966
**DESCRIPTION:** Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.1
**CVSS Vector:** (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2022-37967
**DESCRIPTION:** Windows Kerberos Elevation of Privilege Vulnerability
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.2
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2022-38023
**DESCRIPTION:** Netlogon RPC Elevation of Privilege Vulnerability
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.1
**CVSS Vector:** (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2022-30580
**DESCRIPTION:** Golang Go could allow a local attacker to execute arbitrary code on the system, caused by a flaw when Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput are executed when Cmd.Path is unset. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:** CWE-94: Improper Control of Generation of Code ('Code Injection')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.4
**CVSS Vector:** (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2022-30630
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Glob in io/fs due to stack exhaustion. By sending a specially crafted request using a path which contains a large number of path separators, a remote attacker could exploit this vulnerability to cause a panic.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-30631
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Reader.Read in compress/gzip due to stack exhaustion. By parsing a specially crafted compressed file, a remote attacker could exploit this vulnerability to cause a panic.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-30632
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Glob in path/filepath due to stack exhaustion. By sending a specially crafted request using a path containing a large number of path separators, a remote attacker could exploit this vulnerability to cause a panic.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-30633
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a specially crafted XML document, a remote attacker could exploit this vulnerability to cause a panic.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-30634
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request using large buffers, a remote attacker could exploit this vulnerability to cause rand.Read to hang, resulting in a denial of service condition.
**CWE:** CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-30635
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Decode in encoding/gob due to stack exhaustion. By sending a specially crafted message containing deeply nested structures, a remote attacker could exploit this vulnerability to cause a panic.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-32148
**DESCRIPTION:** Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/http. By calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, an attacker could exploit this vulnerability to obtain the client IP address information, and use this information to launch further attacks against the affected system.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-32189
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in Float.GobDecode and Rat.GobDecode in math/big. By sending a specially crafted message, a remote attacker could exploit this vulnerability to cause a panic.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-41715
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by the compilation of regular expressions from untrusted sources. A remote attacker could exploit this vulnerability to exhaust all available memory resources.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-52798
**DESCRIPTION:** path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
**CWE:** CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** [email protected]
**CVSS Base score:** 7.7
**CVSS Vector:** (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)

**CVEID:** CVE-2024-0727
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
**CWE:** CWE-476: NULL Pointer Dereference
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.1
**CVSS Vector:** (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2021-3765
**DESCRIPTION:** validator.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when calling the rtrim function. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:** CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-45492
**DESCRIPTION:** libexpat could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the nextScaffoldPart function in xmlparse.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:** CWE-190: Integer Overflow or Wraparound
**CVSS Source:** CISA ADP
**CVSS Base score:** 7.3
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:** CVE-2024-45491
**DESCRIPTION:** libexpat could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the dtdCopy function in xmlparse.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:** CWE-190: Integer Overflow or Wraparound
**CVSS Source:** CISA ADP
**CVSS Base score:** 7.3
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:** CVE-2024-45490
**DESCRIPTION:** libexpat could provide weaker than expected security, caused by the failure to reject a negative length for XML_ParseBuffer. By providing a negative length value to the XML_ParseBuffer function, a remote attacker could exploit this vulnerability to cause improper handling of XML data.
**CWE:** CWE-611: Improper Restriction of XML External Entity Reference
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21534
**DESCRIPTION:** jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsafe default usage of the vm module in Node.js. By exploiting the unsafe default usage of the vm module in Node.js, an attacker could exploit this vulnerability to inject and execute arbitrary code on the system.
**CWE:** CWE-94: Improper Control of Generation of Code ('Code Injection')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.8
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2021-3664
**DESCRIPTION:** url-parse could allow a remote attacker to conduct phishing attacks, caused by the mishandling of backslash "\" characters in a URI. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
**CWE:** CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2022-0512
**DESCRIPTION:** The unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by improper handling of the username and password. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass hostname validation.
**CWE:** CWE-639: Authorization Bypass Through User-Controlled Key
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2022-0639
**DESCRIPTION:** The unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by incorrect conversion of @ in the protocol in the href. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass hostname validation.
**CWE:** CWE-639: Authorization Bypass Through User-Controlled Key
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2022-0686
**DESCRIPTION:** The unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by a failure to find the correct hostname when no port number is provided in the URL. By sending a specially crafted request, an attacker could exploit this vulnerability to perform SSRF, open redirect or other attacks, depending on the hostname field of the parsed URL.
**CWE:** CWE-639: Authorization Bypass Through User-Controlled Key
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2022-0691
**DESCRIPTION:** The unshift.io url-parse module for NPM could allow a remote attacker to bypass security restrictions, caused by improper validation of the \b (backspace) character. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass hostname validation, leading to a false positive in the extractProtocol() function.
**CWE:** CWE-639: Authorization Bypass Through User-Controlled Key
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2024-37890
**DESCRIPTION:** The Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted request with multiple HTTP headers, a remote attacker could exploit this vulnerability to cause the server to crash.
**CWE:** CWE-476: NULL Pointer Dereference
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2021-41772
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the Reader.Open function. By using a specially crafted ZIP archive containing an invalid name or an empty filename field, a remote attacker could exploit this vulnerability to cause a panic, resulting in a denial of service condition.
**CWE:** CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2021-44716
**DESCRIPTION:** net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
**CWE:** CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** NVD
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-23772
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially crafted request, an attacker could exploit this vulnerability to consume a large amount of RAM and cause the application to crash.
**CWE:** CWE-190: Integer Overflow or Wraparound
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-24675
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the program to crash.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2022-24921
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially crafted deeply nested expression, a remote attacker could exploit this vulnerability to cause a goroutine stack exhaustion, resulting in a denial of service condition.
**CWE:** CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-27664
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a closing HTTP/2 server connection to hang, resulting in a denial of service condition.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-28131
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Skip in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic.
**CWE:**CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
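CVE-2022-24675, CVE-2022-24921 and CVE-2022-28131 above are all the same failure mode (CWE-674): a recursive parser whose stack depth is controlled by the input. The example below is added here and is not code from Go or from the bulletin. It shows the defensive pattern for the encoding/xml case: tokenize with `Decoder.Token` and keep the nesting depth in a counter with an explicit limit, so a hostile document costs one loop iteration per tag rather than one stack frame per level. The 1,000-element limit is an assumption for the example; the Go fix itself caps Decoder.Skip and Unmarshal at 10,000 levels.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep is returned once element nesting exceeds the configured limit.
var ErrTooDeep = errors.New("xml: element nesting exceeds limit")

// walkXML tokenizes a document with encoding/xml and tracks element depth in
// a counter instead of recursing, so a deeply nested document costs one loop
// iteration per tag rather than one stack frame per level. It returns the
// deepest nesting seen, or ErrTooDeep as soon as maxDepth is exceeded.
func walkXML(r io.Reader, maxDepth int) (int, error) {
	dec := xml.NewDecoder(r)
	depth, maxSeen := 0, 0
	for {
		tok, err := dec.Token()
		if errors.Is(err, io.EOF) {
			return maxSeen, nil
		}
		if err != nil {
			return maxSeen, err
		}
		switch tok.(type) {
		case xml.StartElement:
			depth++
			if depth > maxDepth {
				return maxSeen, ErrTooDeep
			}
			if depth > maxSeen {
				maxSeen = depth
			}
		case xml.EndElement:
			depth--
		}
	}
}

// nestedXML builds a constructed document of n nested <a> elements, the
// shape of input that exhausted the stack in the unpatched decoder.
func nestedXML(n int) string {
	var b strings.Builder
	for i := 0; i < n; i++ {
		b.WriteString("<a>")
	}
	for i := 0; i < n; i++ {
		b.WriteString("</a>")
	}
	return b.String()
}

func main() {
	const limit = 1000 // assumed application limit, well below the 10,000 the Go fix enforces
	for _, n := range []int{10, 5000} {
		seen, err := walkXML(strings.NewReader(nestedXML(n)), limit)
		fmt.Printf("%d nested elements: deepest seen %d, err=%v\n", n, seen, err)
	}
}
```

The same counter-not-recursion approach applies to any tree-shaped input the application parses itself; for the standard library parsers the fix is to upgrade, since the limit lives inside the decoder.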

**CVEID:**CVE-2022-28327
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by improper input validation by the generic P-256 feature in crypto/elliptic. By sending a specially-crafted request with long scalar input, a remote attacker could exploit this vulnerability to cause a panic on the system.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-2879
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by the failure of Reader.Read in archive/tar to set a limit on the maximum size of file headers. By using a specially crafted archive, a remote attacker could exploit this vulnerability to exhaust all available memory.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-2880
**DESCRIPTION:** Golang Go could allow a remote attacker to conduct query parameter smuggling, caused by ReverseProxy in net/http/httputil forwarding the raw query string of the inbound request, including parameters that net/http itself rejects as unparseable. When a Go proxy forwards a parameter with an unparseable value to a backend that interprets it differently, an attacker could exploit this vulnerability to smuggle query parameters past the proxy.
**CWE:**CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
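The smuggling works because two parsers disagree about one string: Go's `url.ParseQuery` refuses a semicolon-separated pair, while many legacy backends still accept `;` as a separator. The following is an added example, not code from Go or from this bulletin. It reproduces the disagreement on a constructed query string, then shows the remedy the patched ReverseProxy applies by default: re-encode the query from its parsed form so only what Go accepted is forwarded. The `backend.internal:8080` upstream is an assumed placeholder.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// canonicalQuery re-encodes a raw query string from its parsed form, so only
// the parameters url.ParseQuery accepted reach the upstream. ParseQuery
// returns both the pairs it could parse and the first error it hit; a non-nil
// error means at least one pair (a semicolon-separated one, or one with a
// malformed percent-escape) was discarded rather than forwarded verbatim.
func canonicalQuery(raw string) (clean string, dropped bool) {
	values, err := url.ParseQuery(raw)
	return values.Encode(), err != nil
}

// legacySplit imitates a backend that still treats ';' as well as '&' as a
// separator (the old CGI convention Go stopped accepting in 1.17). The gap
// between its view and Go's view of the same bytes is what gets smuggled.
func legacySplit(raw string) map[string]string {
	out := map[string]string{}
	sep := func(r rune) bool { return r == '&' || r == ';' }
	for _, pair := range strings.FieldsFunc(raw, sep) {
		k, v, _ := strings.Cut(pair, "=")
		out[k] = v
	}
	return out
}

// hardenedProxy wraps NewSingleHostReverseProxy so the forwarded request
// carries the canonical query rather than the raw one, which is what the
// patched ReverseProxy does on its own.
func hardenedProxy(target *url.URL) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(target)
	director := p.Director
	p.Director = func(req *http.Request) {
		director(req)
		clean, dropped := canonicalQuery(req.URL.RawQuery)
		if dropped {
			log.Printf("dropped unparseable query parameters in request from %s", req.RemoteAddr)
		}
		req.URL.RawQuery = clean
	}
	return p
}

func main() {
	raw := "a=1;b=2&c=3" // constructed: Go rejects the first pair, a legacy backend does not
	fmt.Println("legacy backend sees:", legacySplit(raw))
	clean, dropped := canonicalQuery(raw)
	fmt.Printf("forwarded after canonicalisation: %q (dropped=%v)\n", clean, dropped)
	fmt.Println("legacy backend now sees:", legacySplit(clean))
	_ = hardenedProxy(&url.URL{Scheme: "http", Host: "backend.internal:8080"}) // assumed upstream
}
```

Logging the drop matters operationally: a legitimate client almost never sends a semicolon-separated query, so the message is a useful low-noise indicator that someone is probing the proxy/backend boundary.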

**CVEID:**CVE-2024-24828
**DESCRIPTION:** pkg could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By placing specially crafted executables, an attacker could exploit this vulnerability to escalate privileges.
**CWE:**CWE-276: Incorrect Default Permissions
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.6
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

**CVEID:**CVE-2022-41716
**DESCRIPTION:** On Windows, Golang Go could allow a remote attacker to bypass security restrictions, caused by improper checking for invalid environment variable values in syscall.StartProcess and os/exec.Cmd. By using a specially-crafted environment variable value, an attacker could exploit this vulnerability to set a value for a different environment variable.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:**CVE-2022-41722
**DESCRIPTION:** A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as “a/../c:/b” into the valid path “c:\b”. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path “.\c:\b”.
**CWE:**CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
**CVSS Source:** NVD
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2022-41723
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploit this vulnerability to cause excessive CPU consumption, resulting in a denial of service condition.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-24536
**DESCRIPTION:** Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause a program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
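The description above lists the limits the fixed `ReadForm` applies (1,000 parts, 10,000 header fields, tunable through `GODEBUG=multipartmaxparts=` and `GODEBUG=multipartmaxheaders=`). A server that cannot upgrade yet, or that wants limits tied to its own request shape, can enforce the same three quantities itself by walking the body with `NextPart` instead of `ReadForm`. The block below is an added example, not code from Go or from the bulletin; its limits and the generated form body are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"mime/multipart"
)

var (
	ErrTooManyParts   = errors.New("multipart: too many parts")
	ErrTooManyHeaders = errors.New("multipart: too many header fields")
	ErrPartTooLarge   = errors.New("multipart: part exceeds size limit")
)

// Limits are explicit caps applied while streaming the form. The values used
// in main are assumptions for this example; the Go fix defaults ReadForm to
// 1000 parts and 10,000 header fields (GODEBUG=multipartmaxparts / multipartmaxheaders).
type Limits struct {
	MaxParts     int
	MaxHeaders   int   // counted across all parts
	MaxPartBytes int64 // per part, enforced on bytes actually read
}

// countParts walks a multipart body with NextPart instead of ReadForm,
// enforcing the limits per part as it goes. Each part body is drained
// through a LimitReader one byte longer than the cap, so "at the limit" and
// "over the limit" can be told apart without buffering the whole part.
func countParts(body io.Reader, boundary string, lim Limits) (int, error) {
	mr := multipart.NewReader(body, boundary)
	parts, headers := 0, 0
	for {
		p, err := mr.NextPart()
		if errors.Is(err, io.EOF) {
			return parts, nil
		}
		if err != nil {
			return parts, err
		}
		parts++
		if parts > lim.MaxParts {
			return parts, ErrTooManyParts
		}
		for _, vals := range p.Header {
			headers += len(vals)
		}
		if headers > lim.MaxHeaders {
			return parts, ErrTooManyHeaders
		}
		n, err := io.Copy(io.Discard, io.LimitReader(p, lim.MaxPartBytes+1))
		if err != nil {
			return parts, err
		}
		if n > lim.MaxPartBytes {
			return parts, ErrPartTooLarge
		}
	}
}

// buildForm constructs a test body of n text fields, each fieldSize bytes,
// and returns it with its boundary (constructed input, not captured traffic).
func buildForm(n, fieldSize int) (*bytes.Buffer, string) {
	var buf bytes.Buffer
	w := multipart.NewWriter(&buf)
	for i := 0; i < n; i++ {
		fw, err := w.CreateFormField(fmt.Sprintf("field%d", i))
		if err != nil {
			panic(err)
		}
		fw.Write(bytes.Repeat([]byte("x"), fieldSize))
	}
	w.Close()
	return &buf, w.Boundary()
}

func main() {
	lim := Limits{MaxParts: 100, MaxHeaders: 1000, MaxPartBytes: 64}
	for _, n := range []int{50, 500} {
		body, boundary := buildForm(n, 16)
		parts, err := countParts(body, boundary, lim)
		fmt.Printf("%d-part form: accepted %d parts, err=%v\n", n, parts, err)
	}
}
```

In a real handler the body passed in would first be wrapped with `http.MaxBytesReader`, so the byte budget is bounded before the part budget is ever consulted; the two limits guard against different attacks (one huge part versus many tiny ones).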

**CVEID:**CVE-2023-24537
**DESCRIPTION:** Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
**CWE:**CWE-190: Integer Overflow or Wraparound
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-24539
**DESCRIPTION:** Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a ‘/’ character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2023-29403
**DESCRIPTION:** On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
**CWE:**CWE-668: Exposure of Resource to Wrong Sphere
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-39325
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the net/http and x/net/http2 packages. By sending specially crafted requests using HTTP/2 client, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-45287
**DESCRIPTION:** Golang Go could allow a remote attacker to obtain sensitive information, caused by a timing side channel in the RSA-based key exchange methods in crypto/tls. The removal of PKCS#1 padding could allow a remote attacker to leak timing information, which in turn could be used to recover session key bits.
**CWE:**CWE-203: Observable Discrepancy
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2023-45288
**DESCRIPTION:** An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request’s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CISA ADP
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-28863
**DESCRIPTION:** isaacs node-tar is vulnerable to a denial of service, caused by the lack of validation of the number of sub-folders while parsing a tar file. By persuading a victim to extract a specially crafted tar archive containing a very large number of sub-folders, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-5568
**DESCRIPTION:** Samba is vulnerable to a denial of service, caused by a heap-based buffer overflow flaw in the Heimdal KDC. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.9
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)

**CVEID:**CVE-2020-15586
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-16845
**DESCRIPTION:** Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-24553
**DESCRIPTION:** Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.2
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

**CVEID:**CVE-2021-31525
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse (Server, Transport, and Client can each be affected), a remote attacker could exploit this vulnerability to cause a panic, resulting in a denial of service condition.
**CWE:**CWE-674: Uncontrolled Recursion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2021-33195
**DESCRIPTION:** Golang Go could allow a remote attacker to conduct injection attacks, caused by the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net not validating that names returned by DNS servers follow RFC 1035 rules. By returning a specially-crafted DNS response, an attacker who controls or can spoof a name server could supply names containing unsafe characters that the application then passes unvalidated to a downstream component such as an HTML page or a shell command.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2021-33197
**DESCRIPTION:** Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop arbitrary headers, including those set by the ReverseProxy.Director.
**CWE:**CWE-862: Missing Authorization
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:**CVE-2021-33198
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the SetString and UnmarshalText methods of math/big.Rat. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, resulting in a denial of service condition.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2021-36221
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic.
**CWE:**CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2021-39293
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By sending a specially-crafted archive header, a remote attacker could exploit this vulnerability to cause a panic, which results in a denial of service.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
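CVE-2021-33196, CVE-2021-39293 and CVE-2022-2879 in this bulletin are all archive readers trusting header fields (names, counts, sizes) that the archive author controls. The block below is an added example, not code from Go or from the bulletin, showing the checks an application should make before extracting a ZIP on any Go version: reject unsafe entry names, cap the entry count, and cap decompressed bytes by what is actually read rather than by what the header claims. The policy numbers and the archives it builds are constructed for the demonstration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path"
	"strings"
)

// Policy holds the caps applied before anything is extracted. The numbers used
// in main are assumptions for this example, not values from the bulletin.
type Policy struct {
	MaxEntries    int
	MaxEntryBytes int64 // per entry, enforced on decompressed bytes actually read
	MaxTotalBytes int64 // across the whole archive
}

var (
	ErrTooManyEntries = errors.New("zip: too many entries")
	ErrBadName        = errors.New("zip: unsafe entry name")
	ErrTooLarge       = errors.New("zip: entry exceeds size limit")
)

// safeEntryName rejects names that are empty, absolute, carry a drive or volume
// prefix, contain NUL or backslashes, or escape the extraction root via "..".
func safeEntryName(name string) bool {
	if name == "" || strings.ContainsAny(name, "\x00\\:") || strings.HasPrefix(name, "/") {
		return false
	}
	clean := path.Clean(name)
	return clean != "." && clean != ".." && !strings.HasPrefix(clean, "../")
}

// inspectZip validates every entry of an in-memory archive against pol before a
// single byte would be written to disk. Each entry is drained through a
// LimitReader one byte longer than the cap, so a header that under-reports the
// uncompressed size cannot bypass the limit.
func inspectZip(data []byte, pol Policy) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	// With GODEBUG=zipinsecurepath=0, NewReader flags traversal names itself but
	// still returns a usable Reader; the name check below covers that case too.
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	if len(zr.File) > pol.MaxEntries {
		return nil, fmt.Errorf("%w: %d", ErrTooManyEntries, len(zr.File))
	}
	var accepted []string
	var total int64
	for _, f := range zr.File {
		if !safeEntryName(f.Name) {
			return accepted, fmt.Errorf("%w: %q", ErrBadName, f.Name)
		}
		if f.UncompressedSize64 > uint64(pol.MaxEntryBytes) {
			return accepted, fmt.Errorf("%w: %q declares %d bytes", ErrTooLarge, f.Name, f.UncompressedSize64)
		}
		rc, err := f.Open()
		if err != nil {
			return accepted, err
		}
		n, err := io.Copy(io.Discard, io.LimitReader(rc, pol.MaxEntryBytes+1))
		rc.Close()
		if err != nil {
			return accepted, err
		}
		total += n
		if n > pol.MaxEntryBytes || total > pol.MaxTotalBytes {
			return accepted, fmt.Errorf("%w: %q", ErrTooLarge, f.Name)
		}
		accepted = append(accepted, f.Name)
	}
	return accepted, nil
}

type entry struct{ name, body string }

// buildZip writes a constructed archive to memory (test input, not a captured sample).
func buildZip(entries []entry) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, e := range entries {
		w, err := zw.Create(e.name)
		if err != nil {
			panic(err)
		}
		io.WriteString(w, e.body)
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	pol := Policy{MaxEntries: 10, MaxEntryBytes: 1024, MaxTotalBytes: 4096}
	for _, z := range [][]entry{
		{{"docs/readme.txt", "hello"}, {"docs/data.bin", strings.Repeat("x", 100)}},
		{{"docs/readme.txt", "hello"}, {"../escape.txt", "pwned"}},
		{{"big.bin", strings.Repeat("A", 5000)}},
	} {
		names, err := inspectZip(buildZip(z), pol)
		fmt.Printf("accepted %v, err=%v\n", names, err)
	}
}
```

The same three checks transfer directly to archive/tar: validate `Header.Name`, count entries as `Next` returns them, and read each body through a `LimitReader` rather than trusting `Header.Size`.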

**CVEID:**CVE-2021-41771
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the ImportedSymbols function in debug/macho. By using specially-crafted binaries, a remote attacker could exploit this vulnerability to cause a panic, resulting in a denial of service condition.
**CWE:**CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2018-3737
**DESCRIPTION:** Node.js sshpk module is vulnerable to a denial of service, caused by an error parsing specially crafted invalid public keys. A remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21193
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: PS component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21194
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21196
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21197
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: Information Schema component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21198
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: DDL component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21199
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21201
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: Optimizer component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21203
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21207
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21212
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: Health Monitor component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.4
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21213
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. A local attacker with high privileges could exploit this vulnerability, with user interaction, to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.2
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21218
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21219
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21230
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21231
**DESCRIPTION:** Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CVE.org
**CVSS Base score:** 3.1
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-21236
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21237
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: Group Replication GCS component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 2.2
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-21238
**DESCRIPTION:** Oracle MySQL Server and Cluster are vulnerable to a denial of service related to the Server: Thread Pooling component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a hang or frequently repeatable crash.
**CVSS Source:** CVE.org
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21239
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21241
**DESCRIPTION:** Oracle MySQL Server is vulnerable to a denial of service related to the Server: Optimizer component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** CVE.org
**CVSS Base score:** 4.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-21247
**DESCRIPTION:** Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
**CWE:**CWE-284: Improper Access Control
**CVSS Source:** CVE.org
**CVSS Base score:** 3.8
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)

**CVEID:**CVE-2022-0536
**DESCRIPTION:** Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by leakage of the Authorization header to the same hostname during an HTTPS-to-HTTP redirection. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to obtain the Authorization header and use it to launch further attacks against the affected system.
**CWE:**CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
**CVSS Source:** IBM X-Force
**CVSS Base score:** 2.6
**CVSS Vector:**(CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**CVE-2024-11168
**DESCRIPTION:** The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren’t IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
**CWE:**CWE-918: Server-Side Request Forgery (SSRF)
**CVSS Source:** CISA ADP
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2024-45801
**DESCRIPTION:** DOMPurify could allow a remote attacker to bypass sanitization, caused by flaws in its nesting depth check: specially crafted nested HTML can bypass the check, and prototype pollution of Object.prototype through a __proto__ or constructor payload can weaken it. An attacker could exploit this vulnerability to inject malicious HTML that survives sanitization (cross-site scripting) or to cause a denial of service.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** CVE.org
**CVSS Base score:** 7.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2021-23362
**DESCRIPTION:** Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the fromUrl function in index.js. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-26462
**DESCRIPTION:** Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
**CWE:**CWE-401: Missing Release of Memory after Effective Lifetime
**CVSS Source:** NVD
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-3596
**DESCRIPTION:** RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
**CWE:**CWE-354: Improper Validation of Integrity Check Value
**CVSS Source:** NVD
**CVSS Base score:** 9.0
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
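The Response Authenticator that CVE-2024-3596 defeats is a bare MD5 over the packet with the shared secret appended, so a chosen-prefix collision lets an on-path attacker turn an Access-Reject into an Access-Accept that still verifies. The mitigation recommended with the disclosure is to require the RFC 2869 Message-Authenticator attribute (type 80), an HMAC-MD5 keyed with the secret, in every Access-* packet. The block below is an added example, not code from any RADIUS implementation or from the bulletin: it builds a response with both authenticators from the RFC 2865/2869 definitions and shows a verifier that insists on the HMAC. The secret, packet identifier, Reply-Message and Request Authenticator are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"encoding/binary"
	"errors"
	"fmt"
)

// Header is Code(1) ID(1) Length(2) Authenticator(16); attributes follow as Type|Length|Value.
const (
	codeAccessAccept, codeAccessReject = 2, 3
	attrReplyMessage, attrMessageAuth  = 18, 80
	hdrLen                             = 20
)

// attr encodes one Type|Length|Value attribute; Length counts its own two header bytes.
func attr(t byte, v []byte) []byte { return append([]byte{t, byte(2 + len(v))}, v...) }

// buildPacket assembles Code|ID|Length|Authenticator|Attributes.
func buildPacket(code, id byte, auth [16]byte, attrs []byte) []byte {
	pkt := make([]byte, hdrLen, hdrLen+len(attrs))
	pkt[0], pkt[1] = code, id
	binary.BigEndian.PutUint16(pkt[2:4], uint16(hdrLen+len(attrs)))
	copy(pkt[4:20], auth[:])
	return append(pkt, attrs...)
}

// findAttr returns the offset of the value of the first attribute of type t, or -1.
func findAttr(pkt []byte, t byte) int {
	for i := hdrLen; i+2 <= len(pkt) && int(pkt[i+1]) >= 2 && i+int(pkt[i+1]) <= len(pkt); i += int(pkt[i+1]) {
		if pkt[i] == t {
			return i + 2
		}
	}
	return -1
}

// responseAuthenticator is the RFC 2865 MD5(Code|ID|Length|RequestAuth|Attributes|Secret): a plain
// hash with the secret appended, which is what the chosen-prefix collision attack targets.
func responseAuthenticator(resp []byte, reqAuth [16]byte, secret []byte) (out [16]byte) {
	h := md5.New()
	for _, b := range [][]byte{resp[:4], reqAuth[:], resp[hdrLen:], secret} {
		h.Write(b)
	}
	copy(out[:], h.Sum(nil))
	return out
}

// messageAuthenticator is the RFC 2869 HMAC-MD5, keyed with the secret, over the packet with the
// Message-Authenticator value zeroed and (for a response) the Authenticator field set to the Request Authenticator.
func messageAuthenticator(pkt []byte, reqAuth [16]byte, secret []byte) (out [16]byte, err error) {
	off := findAttr(pkt, attrMessageAuth)
	if off < 0 || off+16 > len(pkt) {
		return out, errors.New("radius: Message-Authenticator missing or truncated")
	}
	tmp := append([]byte(nil), pkt...)
	copy(tmp[4:20], reqAuth[:])
	copy(tmp[off:off+16], make([]byte, 16))
	m := hmac.New(md5.New, secret)
	m.Write(tmp)
	copy(out[:], m.Sum(nil))
	return out, nil
}

// signResponse appends a zeroed Message-Authenticator, fills it in, then computes the Response Authenticator.
func signResponse(code, id byte, reqAuth [16]byte, secret, attrs []byte) ([]byte, error) {
	pkt := buildPacket(code, id, reqAuth, append(append([]byte(nil), attrs...), attr(attrMessageAuth, make([]byte, 16))...))
	ma, err := messageAuthenticator(pkt, reqAuth, secret)
	if err != nil {
		return nil, err
	}
	off := findAttr(pkt, attrMessageAuth)
	copy(pkt[off:off+16], ma[:])
	ra := responseAuthenticator(pkt, reqAuth, secret)
	copy(pkt[4:20], ra[:])
	return pkt, nil
}

// verifyResponse accepts a response only if the Response Authenticator matches AND a valid
// Message-Authenticator is present: an MD5 collision does not yield HMAC-MD5 without the secret.
func verifyResponse(resp []byte, reqAuth [16]byte, secret []byte) bool {
	if len(resp) < hdrLen || int(binary.BigEndian.Uint16(resp[2:4])) != len(resp) {
		return false
	}
	want := responseAuthenticator(resp, reqAuth, secret)
	if !hmac.Equal(resp[4:20], want[:]) {
		return false
	}
	off := findAttr(resp, attrMessageAuth)
	ma, err := messageAuthenticator(resp, reqAuth, secret)
	return err == nil && hmac.Equal(resp[off:off+16], ma[:])
}

func main() {
	secret, reqAuth := []byte("constructed-shared-secret"), [16]byte{} // assumed values for the example
	copy(reqAuth[:], "0123456789abcdef")
	accept, _ := signResponse(codeAccessAccept, 7, reqAuth, secret, attr(attrReplyMessage, []byte("welcome")))
	fmt.Println("genuine Access-Accept verifies:", verifyResponse(accept, reqAuth, secret))
}
```

Requiring the attribute on the client side is the half of the mitigation the RADIUS client controls; the server must also be configured to send it, and legacy servers that omit it will be rejected by a verifier like this one, which is the intended effect.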

**CVEID:**CVE-2024-24791
**DESCRIPTION:** Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending “Expect: 100-continue” requests, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-39266
**DESCRIPTION:** Node.js isolated-vm module could allow a remote attacker to execute arbitrary code on the system, caused by vulnerable CachedDataOptions in the API. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass sandbox restrictions and run arbitrary code on the affected system.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.6
**CVSS Vector:**(CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

**CVEID:**CVE-2022-30065
**DESCRIPTION:** Busybox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the copyvar function. By sending a specially-crafted awk pattern, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
**CWE:**CWE-416: Use After Free
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2022-28391
**DESCRIPTION:** BusyBox could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the netstat applet. By persuading a victim to send a specially-crafted request using a VT compatible terminal, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-22365
**DESCRIPTION:** Linux-pam is vulnerable to a denial of service, caused by a flaw in pam_namespace.so. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-29857
**DESCRIPTION:** The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafted F2m parameters, a remote attacker could exploit this vulnerability to cause excessive CPU consumption.
**CWE:**CWE-125: Out-of-bounds Read
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-25883
**DESCRIPTION:** Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new Range function. By providing specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-0155
**DESCRIPTION:** follow-redirects could allow a remote attacker to obtain sensitive information, caused by the exposure of private personal information to an unauthorized actor. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to obtain private personal information and use this information to launch further attacks against the affected system.
**CWE:**CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-28849
**DESCRIPTION:** Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this vulnerability to obtain credentials and other sensitive information.
**CWE:**CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2022-0235
**DESCRIPTION:** Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote URL with a Cookie header. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
**CWE:**CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2024-27088
**DESCRIPTION:** es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** NVD
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-4067
**DESCRIPTION:** Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in micromatch.braces() in index.js. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to increase processing time until the application slows down or hangs.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** CVE.org
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-45590
**DESCRIPTION:** expressjs body-parser is vulnerable to a denial of service, caused by a flaw when URL encoding is enabled. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-405: Asymmetric Resource Consumption (Amplification)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-48957
**DESCRIPTION:** execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
**CWE:**CWE-125: Out-of-bounds Read
**CVSS Source:** CVE.org
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-48958
**DESCRIPTION:** execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
**CWE:**CWE-125: Out-of-bounds Read
**CVSS Source:** CVE.org
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-12254
**DESCRIPTION:** Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not “pause” writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the “high-water mark”. Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** CISA ADP
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-29651
**DESCRIPTION:** A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, and `dereference()` functions.
**CWE:**CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
**CVSS Source:** CISA ADP
**CVSS Base score:** 8.1
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-24790
**DESCRIPTION:** The various Is methods (IsPrivate, IsLoopback, etc.) in the net/netip package in Golang Go did not work as expected for IPv4-mapped IPv6 addresses. The impact and attack vector of this error are unspecified.
**CVSS Source:** CISA ADP
**CVSS Base score:** 9.8
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
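
For CVE-2024-24790 the defensive pattern on the caller's side is to normalise an address before classifying it. The Go snippet below is an added example, not code from the bulletin or from the Go project: it calls netip.Addr.Unmap() so that an IPv4-mapped IPv6 address such as ::ffff:127.0.0.1 is judged by the IPv4 rules for 127.0.0.1, whatever Go version the binary was built with. The isInternalAddr and classify helpers and the sample addresses (documentation and private ranges) are constructed for this example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// isInternalAddr reports whether addr should be treated as internal
// (loopback, private, link-local or unspecified). It is a hypothetical
// helper for this example. Unmap() strips the ::ffff:0:0/96 prefix so an
// IPv4-mapped IPv6 address is evaluated with the IPv4 predicates instead
// of relying on the Is* methods recognising the mapped form themselves.
func isInternalAddr(addr netip.Addr) bool {
	a := addr.Unmap()
	return a.IsLoopback() ||
		a.IsPrivate() ||
		a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() ||
		a.IsUnspecified()
}

// classify parses s and returns "internal", "public" or "invalid".
// A server-side request filter (for example an SSRF guard) would use the
// same check before connecting to a user-supplied address.
func classify(s string) string {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return "invalid"
	}
	if isInternalAddr(addr) {
		return "internal"
	}
	return "public"
}

func main() {
	// Constructed sample inputs: loopback, private and documentation
	// (203.0.113.0/24, 2001:db8::/32) ranges, in plain and mapped form.
	samples := []string{
		"127.0.0.1",
		"::ffff:127.0.0.1",
		"10.0.0.5",
		"::ffff:10.0.0.5",
		"::1",
		"203.0.113.7",
		"::ffff:203.0.113.7",
		"2001:db8::1",
		"not-an-ip",
	}
	for _, s := range samples {
		fmt.Printf("%-22s %s\n", s, classify(s))
	}
}
```

The point of the check is that the mapped and unmapped spellings of the same IPv4 address must land in the same class; a filter that returns "public" for ::ffff:127.0.0.1 but "internal" for 127.0.0.1 is exactly the inconsistency the CVE describes.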

**CVEID:**CVE-2018-25031
**DESCRIPTION:** swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.4
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

**CVEID:**CVE-2021-46708
**DESCRIPTION:** npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
**CWE:**CWE-1021: Improper Restriction of Rendered UI Layers or Frames
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2024-43788
**DESCRIPTION:** Webpack and Rspack are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.4
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H)

**CVEID:**CVE-2020-14039
**DESCRIPTION:** Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements during the X.509 certificate verification. An attacker could exploit this vulnerability to gain access to the system.
**CWE:**CWE-295: Improper Certificate Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2022-24434
**DESCRIPTION:** Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to the server, a remote attacker could exploit this vulnerability to crash the Node.js service.
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-0760
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service. By sending a flood of DNS messages over TCP, a remote attacker could exploit this vulnerability to cause the server to become unstable.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-1737
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE). By processing queries, a remote attacker could exploit this vulnerability to cause the database to slow down.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-1975
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an error if a server hosts a zone containing a “KEY” Resource Record, or a resolver DNSSEC-validates a “KEY” Resource Record from a DNSSEC-signed domain in cache. By sending a stream of SIG(0) signed requests, a remote attacker could exploit this vulnerability to exhaust all available CPU resources.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-4076
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an error when serving both stale cache data and authoritative zone content. By sending queries, a remote attacker could exploit this vulnerability to cause an assertion failure.
**CWE:**CWE-617: Reachable Assertion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2019-18413
**DESCRIPTION:** TypeStack class-validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the class-validator function. By sending a specially-crafted input, an attacker could exploit this vulnerability to bypass the class-validator to perform SQL Injection or XSS attacks.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:**CVE-2022-3517
**DESCRIPTION:** minimatch is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the braceExpand function. By sending specially-crafted regex arguments, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-15366
**DESCRIPTION:** Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the ajv.validate function. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:**CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.6
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2020-29582
**DESCRIPTION:** JetBrains Kotlin could allow a local authenticated attacker to obtain sensitive information, caused by an insecure permission flaw when creating temporary files and folders via the Java API. By gaining access to the temporary directory, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
**CWE:**CWE-276: Incorrect Default Permissions
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2022-24329
**DESCRIPTION:** JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system.
**CWE:**CWE-829: Inclusion of Functionality from Untrusted Control Sphere
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2023-5981
**DESCRIPTION:** GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel issue during RSA-PSK key exchange. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
**CWE:**CWE-203: Observable Discrepancy
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.9
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2024-0553
**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information. By performing a timing side-channel attack in the RSA-PSK key exchange, a remote attacker could exploit this vulnerability to obtain sensitive information.
**CWE:**CWE-203: Observable Discrepancy
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2024-0567
**DESCRIPTION:** GnuTLS is vulnerable to a denial of service, caused by a flaw when validating a certificate chain with cockpit-certificate-ensure. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-347: Improper Verification of Cryptographic Signature
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-45857
**DESCRIPTION:** Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value in all requests to any server when the XSRF-TOKEN cookie is available and the withCredentials setting is turned on, an attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
**CWE:**CWE-352: Cross-Site Request Forgery (CSRF)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.1
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

**CVEID:**CVE-2024-8088
**DESCRIPTION:** Python CPython is vulnerable to a denial of service, caused by an infinite loop flaw when iterating over names of entries in a zip archive. By using a specially crafted zip archive, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
**CVSS Source:** CVE.org
**CVSS Base score:** 8.7
**CVSS Vector:**(CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L)

**CVEID:**CVE-2021-27918
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2021-33196
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim to open a specially-crafted archive file, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, resulting in a denial of service condition.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-29804
**DESCRIPTION:** Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw in the filepath.Clean function. By sending a specially-crafted request, an attacker could exploit this vulnerability to convert an invalid path to a valid, absolute path.
**CWE:**CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.2
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:**CVE-2022-41720
**DESCRIPTION:** Golang Go could allow a remote attacker to obtain sensitive information, caused by improper access control by the os.DirFS function and http.Dir type. By sending a specially-crafted request, an attacker could exploit this vulnerability to access any path on the system, and use this information to launch further attacks against the affected system.
**CWE:**CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**CVE-2022-41724
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-41725
**DESCRIPTION:** A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing “up to maxMemory bytes +10MB (reserved for non-file parts) in memory”. File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type’s documentation states, “If stored on disk, the File’s underlying concrete type will be an *os.File.”. This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. 
Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** NVD
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
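
The description above names http.MaxBytesReader as the caller-side limit on form data, since even the fixed ReadForm does not bound disk usage. As an added example (not part of the bulletin and not the Go project's own code), the handler below wraps the request body before ParseMultipartForm so that an oversized multipart upload is rejected with 413 instead of being buffered into memory or temporary files. The 1 MiB body cap, the 256 KiB in-memory budget, the handler name and the in-process httptest driver are assumptions chosen for this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

// maxFormBytes caps the entire request body (part headers, field values and
// file contents together) before ReadForm ever sees it. Assumed value for
// this example; set it to the largest upload the endpoint must accept.
const maxFormBytes = 1 << 20 // 1 MiB

// maxMemory is the in-memory budget handed to ParseMultipartForm. Go still
// reserves a further 10MB for non-file parts on top of it, which is why the
// body-level cap above is the limit that actually matters.
const maxMemory = 256 << 10 // 256 KiB

// uploadHandler parses a multipart form with a hard bound on bytes consumed.
func uploadHandler(w http.ResponseWriter, r *http.Request) {
	// Reads beyond maxFormBytes fail with *http.MaxBytesError, and the
	// server marks the connection to be closed after the response.
	r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)

	if err := r.ParseMultipartForm(maxMemory); err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "form too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "bad multipart form", http.StatusBadRequest)
		return
	}
	// Release any temporary file ReadForm spilled to disk.
	defer r.MultipartForm.RemoveAll()

	n := 0
	for _, files := range r.MultipartForm.File {
		n += len(files)
	}
	fmt.Fprintf(w, "accepted %d file part(s)\n", n)
}

// buildForm constructs a multipart body holding one file part of size bytes.
// The content is constructed filler, not a real upload.
func buildForm(size int) (*bytes.Buffer, string) {
	body := &bytes.Buffer{}
	mw := multipart.NewWriter(body)
	fw, err := mw.CreateFormFile("upload", "blob.bin")
	if err != nil {
		panic(err)
	}
	if _, err := fw.Write(bytes.Repeat([]byte{'A'}, size)); err != nil {
		panic(err)
	}
	if err := mw.Close(); err != nil {
		panic(err)
	}
	return body, mw.FormDataContentType()
}

// postForm drives uploadHandler in-process and returns the HTTP status code.
func postForm(size int) int {
	body, contentType := buildForm(size)
	req := httptest.NewRequest(http.MethodPost, "/upload", body)
	req.Header.Set("Content-Type", contentType)
	rec := httptest.NewRecorder()
	uploadHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("4 KiB form status:", postForm(4<<10))  // 200
	fmt.Println("2 MiB form status:", postForm(2<<20))  // 413
}
```

Because MaxBytesReader counts every byte of the body, the cap also bounds the part-name, header and map-entry overhead that the unfixed ReadForm failed to account for; the same wrapping applies to handlers that call FormFile, FormValue or PostFormValue, since those parse the form through the same path.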

**CVEID:**CVE-2023-24534
**DESCRIPTION:** HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** NVD
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-29400
**DESCRIPTION:** Templates containing actions in unquoted HTML attributes (e.g. “attr={{.}}”) executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:**CVE-2023-45283
**DESCRIPTION:** Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a \??\ prefix as a Root Local Device path prefix in the filepath and safefilepath package. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
**CWE:**CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**CVE-2023-26115
**DESCRIPTION:** All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-24999
**DESCRIPTION:** Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-48949
**DESCRIPTION:** The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits “sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()” validation.
**CWE:**CWE-347: Improper Verification of Cryptographic Signature
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.2
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

**CVEID:**CVE-2021-22963
**DESCRIPTION:** Fastify fastify-static module could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect Mozilla Firefox users to arbitrary Web sites.
**CWE:**CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2019-9674
**DESCRIPTION:** Python is vulnerable to a denial of service, caused by a flaw in Lib/zipfile.py. By using a ZIP bomb, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-43800
**DESCRIPTION:** expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2021-44906
**DESCRIPTION:** Node.js Minimist module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the setKey() function in the index.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:**CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.6
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2012-5783
**DESCRIPTION:** Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
**CWE:**CWE-295: Improper Certificate Validation
**CVSS Source:** NVD
**CVSS Base score:** 5.8
**CVSS Vector:**(AV:N/AC:M/Au:N/C:P/I:P/A:N)

**CVEID:**CVE-2024-38808
**DESCRIPTION:** VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language (SpEL) expression, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** VMware
**CVSS Base score:** 4.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-56201
**DESCRIPTION:** Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja’s sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.
**CWE:**CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
**CVSS Source:** CISA ADP
**CVSS Base score:** 8.8
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-56326
**DESCRIPTION:** Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja’s sandbox does catch calls to str.format and ensures they don’t escape the sandbox. However, it’s possible to store a reference to a malicious string’s format method, then pass that to a filter that calls it. No such filters are built into Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.
**CWE:**CWE-693: Protection Mechanism Failure
**CVSS Source:** CISA ADP
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-26108
**DESCRIPTION:** Nestjs Nest could allow a remote attacker to obtain sensitive information, caused by a flaw in the StreamableFile pipe. By sending a specially-crafted cancel request while it is streaming a StreamableFile, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
**CWE:**CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**CVE-2024-11187
**DESCRIPTION:** It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
**CWE:**CWE-405: Asymmetric Resource Consumption (Amplification)
**CVSS Source:** [email protected]
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-12705
**DESCRIPTION:** Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver’s CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** [email protected]
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-4068
**DESCRIPTION:** Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle, leading to memory exhaustion in lib/parse.js. By sending imbalanced braces as input, the parsing will enter a loop causing the JavaScript heap limit to be reached, and the program will crash.
**CWE:**CWE-1050: Excessive Platform Resource Consumption within a Loop
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-43796
**DESCRIPTION:** expressjs express is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2024-10491
**DESCRIPTION:** expressjs express could allow a remote attacker to obtain sensitive information, caused by a flaw in the response.links function. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** CVE.org
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)

**CVEID:**CVE-2022-2835
**DESCRIPTION:** A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.
**CWE:**CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)

**CVEID:**CVE-2022-2837
**DESCRIPTION:** A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
**CWE:**CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2024-30171
**DESCRIPTION:** The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decryption (both PKCS#1v1.5 and OAEP) feature. By using timing side-channel attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
**CWE:**CWE-203: Observable Discrepancy
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2024-30172
**DESCRIPTION:** The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By persuading a victim to use a specially crafted signature and public key, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-34447
**DESCRIPTION:** The Bouncy Castle Crypto Package For Java could allow a remote attacker to bypass security restrictions, caused by a flaw when endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname. By sending a specially crafted request, an attacker could exploit this vulnerability to perform a DNS poisoning attack.
**CWE:**CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2024-45296
**DESCRIPTION:** path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** CVE.org
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
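The pattern named above (two parameters in one `/`-delimited segment separated by anything other than a period) is easy to audit for before a route table reaches an affected path-to-regexp version. The following is an added example written for this bulletin, not code from path-to-regexp or Express; it assumes routes use plain `:name` parameters and does not attempt to parse custom `(...)` parameter patterns, and the route strings in SAMPLE_ROUTES are constructed for illustration.

```javascript
// Added example: flag route segments that contain two ":param" tokens
// separated by something other than a single "." (the shape the advisory
// describes). Plain ":name" parameters only; custom "(regex)" groups are
// out of scope for this audit.
function findAmbiguousSegments(routePath) {
  const findings = [];
  for (const segment of routePath.split("/")) {
    const paramToken = /:[A-Za-z0-9_]+/g; // fresh regex per segment so lastIndex restarts
    let prevEnd = null;
    let m;
    while ((m = paramToken.exec(segment)) !== null) {
      if (prevEnd !== null) {
        const separator = segment.slice(prevEnd, m.index);
        if (separator !== ".") findings.push({ segment, separator });
      }
      prevEnd = m.index + m[0].length;
    }
  }
  return findings;
}

// Run the check over a whole route table; returns only the routes with hits.
function auditRoutes(routes) {
  const report = [];
  for (const route of routes) {
    const hits = findAmbiguousSegments(route);
    if (hits.length > 0) report.push({ route, hits });
  }
  return report;
}

// Constructed sample route table (not from any real application).
const SAMPLE_ROUTES = [
  "/users/:id",              // one param per segment: fine
  "/files/:name.:ext",       // two params, "."-separated: fine
  "/flights/:from-:to",      // two params, "-"-separated: ambiguous
  "/range/:start..:end",     // two params, ".."-separated: ambiguous
  "/api/:version/:resource", // params in different segments: fine
];

console.log(JSON.stringify(auditRoutes(SAMPLE_ROUTES), null, 2));
```

Routes the audit flags should be rewritten so each parameter sits in its own segment, or the dependency upgraded to the fixed versions listed above; the check itself is linear in the route length and safe to run in CI.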

**CVEID:**CVE-2024-38821
**DESCRIPTION:** Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true:

* It must be a WebFlux application
* It must be using Spring’s static resources support
* It must have a non-permitAll authorization rule applied to the static resources support
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.1
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:**CVE-2024-48948
**DESCRIPTION:** The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and the order of the elliptic curve’s base point is smaller than the hash, because of a _truncateToN anomaly. This leads to valid signatures being rejected; legitimate transactions or communications may be incorrectly flagged as invalid.
**CWE:**CWE-347: Improper Verification of Cryptographic Signature
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
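ECDSA derives the scalar e from the message hash by keeping only the leftmost bitlen(n) bits when the hash is longer than the group order n (FIPS 186-4 / SEC 1). The block below is an added example for this bulletin, not code from the elliptic package: `truncateToN` implements that rule over the full hash byte length, and `truncateAnomaly` reproduces, as an assumption about the flaw's mechanism rather than a copy of elliptic's code, what happens when the shift is computed from the byte length of the hash after integer conversion, so that leading zero bytes are no longer counted. The 224-bit order of secp224r1 is used as n, and the two hashes are constructed, not real digests.

```javascript
// Added example (not elliptic's code): hash-to-scalar truncation for ECDSA,
// correct form beside the assumed anomalous form.

// n for secp224r1 (224 bits): a group order shorter than a 256-bit hash.
const P224_ORDER = 0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3dn;

function bytesToBigInt(bytes) {
  let x = 0n;
  for (const b of bytes) x = (x << 8n) | BigInt(b);
  return x;
}

function bitLength(x) {
  return x === 0n ? 0 : x.toString(2).length;
}

// Correct: keep the leftmost min(bitlen(n), 8*len(hash)) bits of the hash as
// laid out in bytes, then reduce. Leading zero bytes still count as bits.
function truncateToN(hashBytes, n) {
  const nBits = bitLength(n);
  const hashBits = hashBytes.length * 8;
  let e = bytesToBigInt(hashBytes);
  if (hashBits > nBits) e >>= BigInt(hashBits - nBits);
  return e % n;
}

// Assumed anomaly: the hash is converted to an integer first and its length is
// measured from that integer, so leading zero bytes disappear and too few
// bits are shifted off. Everything else is identical to truncateToN.
function truncateAnomaly(hashBytes, n) {
  const nBits = bitLength(n);
  let e = bytesToBigInt(hashBytes);
  const shortenedBits = Math.ceil(bitLength(e) / 8) * 8; // byte length of the integer, in bits
  if (shortenedBits > nBits) e >>= BigInt(shortenedBits - nBits);
  return e % n;
}

// Constructed 32-byte "hashes" (not real digests).
function leadingZeroHash() {
  const h = new Uint8Array(32);
  h[4] = 0x01; // four zero bytes, then a 1: integer value 2^216
  return h;
}
function fullWidthHash() {
  const h = new Uint8Array(32);
  h[0] = 0x80; // top bit set: integer value 2^255
  return h;
}

// True when the two derivations disagree for the given hash, i.e. when a
// verifier using the anomalous form would compute a different e than the
// signer and reject a valid signature.
function derivationsDisagree(hashBytes, n = P224_ORDER) {
  return truncateToN(hashBytes, n) !== truncateAnomaly(hashBytes, n);
}

console.log("leading-zero hash disagrees:", derivationsDisagree(leadingZeroHash()));
console.log("full-width hash disagrees:  ", derivationsDisagree(fullWidthHash()));
```

With the leading-zero hash the correct derivation shifts 32 bits off (giving 2^184) while the anomalous one shifts nothing (giving 2^216); with a hash whose top byte is non-zero both agree. That asymmetry is why the advisory describes the failure as depending on leading zero bytes together with an order shorter than the hash.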

**CVEID:**CVE-2024-38829
**DESCRIPTION:** A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some locale-dependent exceptions that could result in unintended columns being queried. Related to CVE-2024-38820 https://spring.io/security/cve-2024-3882
**CWE:**CWE-178: Improper Handling of Case Sensitivity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**CVE-2024-47554
**DESCRIPTION:** Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2021-22964
**DESCRIPTION:** Fastify fastify-static module could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect Mozilla Firefox users to arbitrary Web sites or cause the application to crash.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.2
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L)

**CVEID:**CVE-2024-9287
**DESCRIPTION:** A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment “activation” scripts (i.e. “source venv/bin/activate”). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren’t activated before being used (i.e. “./venv/bin/python”) are not affected.
**CWE:**CWE-428: Unquoted Search Path or Element
**CVSS Source:** NVD
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2021-32640
**DESCRIPTION:** WebSockets ws library for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the handling of the Sec-WebSocket-Protocol header. By sending a specially-crafted header value, a remote attacker could exploit this vulnerability to slow down the ws server, resulting in a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-45337
**DESCRIPTION:** Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that “A call to this function does not guarantee that the key offered is in fact used to authenticate.” Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry…@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. 
Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.
**CVSS Source:** CISA
**CVSS Base score:** 9.1
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:**CVE-2022-25901
**DESCRIPTION:** Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-20696
**DESCRIPTION:** Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Libarchive component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2024-39249
**DESCRIPTION:** Async is vulnerable to a denial of service, caused by a ReDoS (Regular Expression Denial of Service) flaw in the regular expression that the autoinject function uses to parse function parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Note: This vulnerability is disputed by the supplier because there is no realistic threat model: the regular expressions are not used with untrusted input.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-29041
**DESCRIPTION:** Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
**CWE:**CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.1
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
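Both open-redirect entries in this bulletin (fastify-static, CVE-2021-22964, and Express, CVE-2024-29041) come down to a redirect target that was taken from the request and not checked against the application's own origin. The block below is an added example for this bulletin, not code from Express or fastify-static: it parses the candidate target against an assumed application origin (APP_ORIGIN) and compares origins, so protocol-relative (`//evil`), backslash (`/\evil`, which WHATWG URL parsing treats as `//evil`), userinfo-prefixed and scheme-bearing inputs all fail the same way without a hand-written blocklist. The Express-style handler and the sample targets are assumptions for illustration.

```javascript
// Added example (not Express's or fastify-static's code): same-origin check
// for user-supplied redirect targets. APP_ORIGIN is an assumed value.
const APP_ORIGIN = "https://app.example";

// Returns the absolute URL to redirect to, or null if the target would leave
// APP_ORIGIN or is otherwise unusable. Deciding on the PARSED origin rather
// than on the raw string is what closes the "//host", "/\host" and
// "https://app.example@evil" variants at once.
function safeRedirectTarget(target, origin = APP_ORIGIN) {
  if (typeof target !== "string") return null;
  if (/[\u0000-\u001f\u007f]/.test(target)) return null; // CR/LF etc.: never into a Location header
  let url;
  try {
    url = new URL(target, origin); // relative paths resolve against our origin
  } catch {
    return null; // unparsable: fail closed
  }
  if (url.origin !== new URL(origin).origin) return null;
  return url.href;
}

// Express-style usage (handler shape assumed, not part of the advisory):
// fall back to "/" rather than echoing whatever the client sent.
function handleLogin(req, res) {
  const next = safeRedirectTarget(req.query.next);
  res.redirect(next || "/");
}

// Constructed sample inputs and what the check makes of each.
const SAMPLE_TARGETS = [
  "/dashboard",
  "https://app.example/ok?next=1",
  "//evil.example/x",
  "/\\evil.example",
  "https://app.example@evil.example/",
  "javascript:alert(1)",
  "/ok\r\nSet-Cookie: x=1",
];

function classifyAll(targets = SAMPLE_TARGETS) {
  return targets.map((t) => [t, safeRedirectTarget(t)]);
}

console.log(classifyAll());
```

A path-only allowlist is still better where the set of post-login destinations is small; the origin comparison is the general fallback when arbitrary in-app paths must be allowed.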

**CVEID:**CVE-2024-56337
**DESCRIPTION:** Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:

* running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
* running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
* running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
**CWE:**CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
**CVSS Source:** CISA ADP
**CVSS Base score:** 9.8
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2021-3749
**DESCRIPTION:** axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU.
**CWE:**CWE-1333: Inefficient Regular Expression Complexity
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-29415
**DESCRIPTION:** The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
**CWE:**CWE-918: Server-Side Request Forgery (SSRF)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
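The spellings listed above (127.1, 01200034567, 012.1.2.3, 000:0:0000::01, ::fFFf:127.0.0.1) all name loopback yet were reported as public by `isPublic`, because the classifier tried to interpret shorthand and zero-padded forms instead of rejecting them. An SSRF guard is safer the other way round: accept only canonical literals and treat everything else as not public. The block below is an added example written for this bulletin, not the ip package's code; the private-range table and the sample inputs are assumptions for illustration, and the function takes an IP literal (hostnames must be resolved first and every returned address checked).

```javascript
// Added example (not the ip package's code): fail-closed "is this IP literal
// globally routable?" check that refuses non-canonical spellings outright.

// Strict dotted-quad only: four decimal octets, no leading zeros (which some
// parsers read as octal), no shorthand like "127.1". Anything else -> null.
function parseCanonicalIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = [];
  for (const part of m.slice(1)) {
    if (part.length > 1 && part[0] === "0") return null;
    const v = Number(part);
    if (v > 255) return null;
    octets.push(v);
  }
  return octets;
}

// Assumed "not public" table for IPv4; extend to taste.
function isPrivateIPv4([a, b]) {
  return (
    a === 0 || a === 10 || a === 127 ||     // "this" network, 10/8, loopback
    (a === 169 && b === 254) ||             // link-local, incl. cloud metadata endpoints
    (a === 172 && b >= 16 && b <= 31) ||    // 172.16/12
    (a === 192 && b === 168) ||             // 192.168/16
    (a === 100 && b >= 64 && b <= 127)      // 100.64/10 shared address space
  );
}

// Expand an IPv6 literal into eight 16-bit groups. Accepts one "::" and an
// embedded canonical dotted-quad tail (::ffff:a.b.c.d); everything must be
// plain hex groups of 1-4 digits. Returns an array of 8 numbers or null.
function expandIPv6(s) {
  let str = s.toLowerCase();
  const tail = /^(.*:)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/.exec(str);
  if (tail) {
    const o = parseCanonicalIPv4(tail[2]);
    if (!o) return null; // "::ffff:012.1.2.3" and friends fail here
    str = tail[1] + ((o[0] << 8) | o[1]).toString(16) + ":" + ((o[2] << 8) | o[3]).toString(16);
  }
  const halves = str.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] === "" ? [] : halves[0].split(":");
  const rest = halves.length === 2 && halves[1] !== "" ? halves[1].split(":") : [];
  const groups = [...head, ...rest];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  if (halves.length === 1 && groups.length !== 8) return null;
  if (halves.length === 2 && groups.length > 7) return null;
  const fill = halves.length === 2 ? Array(8 - groups.length).fill("0") : [];
  return [...head, ...fill, ...rest].map((g) => parseInt(g, 16));
}

function isPrivateIPv6(g) {
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true;   // :: and ::1
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {        // ::ffff:a.b.c.d
    return isPrivateIPv4([g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff]);
  }
  if ((g[0] & 0xfe00) === 0xfc00) return true;                          // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return true;                          // fe80::/10 link-local
  return false;
}

// Takes an IP literal. Zone ids, brackets, shorthand and unparsable input are
// all reported as NOT public, so the caller blocks rather than guesses.
function isPublicAddress(host) {
  if (typeof host !== "string" || host.includes("%")) return false;
  const v4 = parseCanonicalIPv4(host);
  if (v4) return !isPrivateIPv4(v4);
  const v6 = expandIPv6(host);
  if (v6) return !isPrivateIPv6(v6);
  return false;
}

// Constructed sample inputs: the advisory's five spellings plus controls.
const SAMPLE_HOSTS = ["127.1", "01200034567", "012.1.2.3", "000:0:0000::01",
  "::fFFf:127.0.0.1", "169.254.169.254", "8.8.8.8", "2001:4860:4860::8888"];
console.log(SAMPLE_HOSTS.map((h) => [h, isPublicAddress(h)]));
```

Rejecting non-canonical forms is deliberate: the goal is not to agree with every parser's reading of "127.1" but to ensure that the address the guard approved is exactly the address the HTTP client will connect to. Pair this with resolving the hostname once and connecting to the checked address (not re-resolving) to also cover DNS rebinding.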

**CVEID:**CVE-2024-41909
**DESCRIPTION:** Apache MINA SSHD could allow a remote attacker to bypass security restrictions. An attacker who can intercept traffic between the client and server could drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security features have been downgraded or disabled.
**CWE:**CWE-354: Improper Validation of Integrity Check Value
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.9
**CVSS Vector:**(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:**CVE-2024-24806
**DESCRIPTION:** libuv is vulnerable to server-side request forgery, caused by improper domain lookup by the uv_getaddrinfo function in src/unix/getaddrinfo.c. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
**CWE:**CWE-918: Server-Side Request Forgery (SSRF)
**CVSS Source:** CVE.org
**CVSS Base score:** 7.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2019-10744
**DESCRIPTION:** Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
**CWE:**CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.1
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

**CVEID:**CVE-2021-23337
**DESCRIPTION:** Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
**CWE:**CWE-94: Improper Control of Generation of Code (‘Code Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.2
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2020-8203
**DESCRIPTION:** Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute arbitrary code on the system.
**CWE:**CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
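Both lodash prototype-pollution entries in this bulletin (CVE-2019-10744 via defaultsDeep and CVE-2020-8203 via merge, mergeWith and defaultsDeep) share one root cause: a recursive merge that indexes the target with attacker-chosen keys, so a key named `__proto__` (or `constructor` followed by `prototype`) lands the recursion on `Object.prototype`. The block below is an added example written for this bulletin, not lodash's code: a deliberately naive merge showing that behaviour beside a hardened merge that skips the prototype-reaching keys and only descends into the target's own properties. The JSON payload is constructed for illustration.

```javascript
// Added example (not lodash's code): naive deep merge with the prototype
// pollution defect beside a hardened version.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// VULNERABLE on purpose: "for...in" walks every enumerable key, and
// target["__proto__"] resolves to Object.prototype, so the recursion writes
// the attacker's properties onto every object in the process.
function mergeUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the three keys that reach a prototype, iterate own keys
// only, and never descend into an inherited property of the target.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs a merge against a constructed payload of the kind described in the
// advisory and reports what an UNRELATED object sees afterwards. Cleans up
// Object.prototype so the demonstration does not poison the rest of the
// process.
function demonstrate(merge) {
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}, "name": "ok"}');
  merge({}, payload);
  const leaked = {}.polluted;
  delete Object.prototype.polluted;
  return leaked; // "yes" for mergeUnsafe, undefined for mergeSafe
}

console.log("naive merge leaks:", demonstrate(mergeUnsafe));
console.log("hardened merge leaks:", demonstrate(mergeSafe));
```

Two defence-in-depth measures complement the key filter: build configuration objects with `Object.create(null)` so there is no prototype to reach, and, where the application can tolerate it, `Object.freeze(Object.prototype)` at startup so any surviving gadget fails loudly instead of silently.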

**CVEID:**CVE-2020-28500
**DESCRIPTION:** Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in the toNumber, trim and trimEnd functions. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CVSS Source:** CVE.org
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2024-38809
**DESCRIPTION:** VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted HTTP request containing ETags from “If-Match” or “If-None-Match” request headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** GitHub, Inc.
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

## Affected Products and Versions

Affected Product(s) | Version(s)
—|—
IBM Rapid Infrastructure Automation | 1.1.4

## Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by upgrading to IBM Rapid Infrastructure Automation version 1.1.5, which can be deployed on-premises.

Please go to https://www.ibm.com/docs/SSPXJL_1.1/upgrading/upgrading_114.html to follow the installation instructions relevant to your chosen architecture.

## Workarounds and Mitigations

None

## Impact Assessment

Base Score 10.0
Severity CRITICAL
