
Summary

A potential vulnerability in GNOME libsoup has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to the details for additional information.

Vulnerability Details

CVEID: CVE-2024-52530
DESCRIPTION: GNOME libsoup is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CWE: CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2024-52532
DESCRIPTION: GNOME libsoup is vulnerable to a denial of service, caused by an infinite loop and memory consumption flaws when reading certain patterns of WebSocket data. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Affected Version(s) |
|---|---|
| IBM watsonx Assistant for IBM Cloud Pak for Data | 4.0.0 – 4.8.7 |

Remediation/Fixes

For all affected…
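CVE-2024-52530 falls under CWE-444: two HTTP parsers in the request path disagree about where one message ends and the next begins, usually because one of them tolerates a malformed or ambiguous Transfer-Encoding header. The following is an added illustration, not libsoup's own code (the libsoup fix is in C and is not reproduced here) and not part of this bulletin: a strict header-framing check of the kind a front end or proxy can apply to reject requests whose framing is ambiguous under RFC 9112 before they reach a more lenient back end. The request bytes, the `example.invalid` host and the `check_request`/`check_framing` helpers are constructed for this example.

```python
"""Strict HTTP/1.1 message-framing validation (added example, not libsoup code).

Rejects the conditions that let two parsers disagree about message length:
  * Transfer-Encoding and Content-Length present together
  * a transfer-coding list whose final coding is not "chunked", or that
    repeats "chunked", or that names a coding this server does not know
  * header lines whose field name carries whitespace before the colon
  * duplicate Content-Length headers with differing values, or non-numeric ones
"""
from __future__ import annotations

import re
from typing import List, Tuple

# Transfer codings this hypothetical front end is willing to handle.
ALLOWED_CODINGS = {"chunked", "gzip", "deflate", "compress"}


def parse_headers(raw: bytes) -> List[Tuple[str, str]]:
    """Split a request head into (lower-cased name, value) pairs.

    Raises ValueError for a header line with no colon, an empty field name,
    or whitespace between the field name and the colon (RFC 9112 section 5.1
    requires such a line to be rejected).
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    headers: List[Tuple[str, str]] = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.decode("ascii").lower(),
                        value.strip(b" \t").decode("ascii")))
    return headers


def check_framing(headers: List[Tuple[str, str]]) -> Tuple[bool, str]:
    """Return (accepted, reason) for the message-length rules above."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]

    if te and cl:
        return False, "Transfer-Encoding and Content-Length both present"

    if te:
        # Split on commas with optional whitespace; any other byte in a token
        # (a control character, a stray symbol) fails the token regex.
        tokens = [t.strip(" \t") for v in te for t in v.split(",")]
        if not all(re.fullmatch(r"[A-Za-z]+", t) for t in tokens):
            return False, "transfer coding token is not a plain name"
        codings = [t.lower() for t in tokens]
        if codings[-1] != "chunked":
            return False, "final transfer coding must be chunked"
        if codings.count("chunked") != 1:
            return False, "chunked coding listed more than once"
        unknown = [c for c in codings if c not in ALLOWED_CODINGS]
        if unknown:
            return False, f"unsupported transfer coding: {unknown[0]!r}"

    if cl:
        if len(set(cl)) != 1 or not re.fullmatch(r"[0-9]+", cl[0]):
            return False, "Content-Length duplicated with differing values or non-numeric"

    return True, "ok"


def check_request(raw: bytes) -> Tuple[bool, str]:
    """Parse and validate one raw request; never raises."""
    try:
        headers = parse_headers(raw)
    except ValueError as exc:
        return False, str(exc)
    return check_framing(headers)


# Constructed sample requests (not real traffic).
CLEAN = (b"POST /api HTTP/1.1\r\nHost: example.invalid\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
AMBIGUOUS = (b"POST /api HTTP/1.1\r\nHost: example.invalid\r\n"
             b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
BAD_NAME = (b"POST /api HTTP/1.1\r\nHost: example.invalid\r\n"
            b"Transfer-Encoding : chunked\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("ambiguous", AMBIGUOUS), ("bad-name", BAD_NAME)):
        print(f"{label:10s} -> {check_request(req)}")
```

The point of the check is not to guess which interpretation the back end will pick but to refuse to forward anything that admits more than one; a front end that normalises and forwards an odd header instead of rejecting it is exactly the configuration CWE-444 describes.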