Summary

The product includes vulnerable components (e.g., framework libraries) that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities.

Vulnerability Details

**CVEID:** CVE-2023-29827
**DESCRIPTION:** Node.js ejs module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a server-side template injection flaw. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254586 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

**CVEID:** CVE-2022-25883
**DESCRIPTION:** Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new Range function. By providing specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258647 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2022-3517
**DESCRIPTION:** minimatch is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the braceExpand function. By sending specially-crafted regex arguments, a remote attacker could exploit this…