Summary Multiple Node.js vulnerabilitiies have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-32005 DESCRIPTION: *Node.js could allow a remote attacker to obtain sensitive information, caused by the failure to restrict file stats through the fs.statfs API in the permission model. By using the –allow-fs-read flag with a non- argument, an attacker could exploit this vulnerability to retrieve stats from files that they do not have explicit read access to. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262903 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: CVE-2023-32006 DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by the use of module.constructor.createRequire(). By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the permission policy mechanism. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262901 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ** CVEID: CVE-2023-32003 DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a missing getValidatedPath() check in the fs.mkdtemp() and…Read More