Two Critical Vulnerabilities in IBM products (CVE-2024-24787, CVE-2021-23450)

Published: Nov 04, 2024 09:42

Advisory No: TZCERT-SA-24-0037

Source: IBM

Software Affected: golang, dojo

Overview

Multiple IBM products are affected by critical vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code.

Description

IBM products that depend on golang and dojo are affected by critical vulnerabilities tracked as CVE-2024-24787 and CVE-2021-23450, each with a CVSS base score of 9.8. The vulnerabilities result, respectively, from flaws during the build on darwin and from prototype pollution in the setObject function. An attacker can exploit these vulnerabilities by sending a specially crafted request to execute arbitrary code on the system.
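
The prototype-pollution class named above for the setObject function can be shown with a dotted-path setter next to a hardened form. This is an added example, not dojo or IBM code: naiveSetPath, safeSetPath, demo and the sample path are hypothetical and constructed for illustration.

```javascript
// Added illustration: hypothetical helpers, not dojo's setObject implementation.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Unhardened form: walks a dotted path and follows whatever each key resolves to.
function naiveSetPath(root, path, value) {
  const parts = path.split(".");
  let node = root;
  for (const key of parts.slice(0, -1)) {
    if (node[key] === undefined) node[key] = {};
    node = node[key]; // "__proto__" resolves to Object.prototype here
  }
  node[parts[parts.length - 1]] = value;
  return root;
}

// Hardened form: rejects prototype-reaching keys and descends only into own properties.
function safeSetPath(root, path, value) {
  const parts = path.split(".");
  if (parts.some((k) => k === "" || BLOCKED_KEYS.has(k))) {
    throw new RangeError("rejected path: " + path);
  }
  let node = root;
  for (const key of parts.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own) node[key] = {}; // never walk into inherited members
    else if (node[key] === null || typeof node[key] !== "object") {
      throw new TypeError("cannot descend into non-object at: " + key);
    }
    node = node[key];
  }
  node[parts[parts.length - 1]] = value;
  return root;
}

// Runs one constructed path through both setters and reports the effect on Object.prototype.
function demo() {
  const path = "__proto__.isAdmin"; // constructed sample input
  naiveSetPath({}, path, true);
  const pollutedByNaive = ({}).isAdmin === true; // unrelated objects now inherit the value
  delete Object.prototype.isAdmin; // restore the shared prototype
  let rejected = false;
  try { safeSetPath({}, path, true); } catch (e) { rejected = e instanceof RangeError; }
  const pollutedBySafe = ({}).isAdmin === true;
  return { pollutedByNaive, rejected, pollutedBySafe };
}

console.log(demo());
```

Until the vendor update is applied, the same key filter can be placed in front of any code path that passes request-derived property names to a path setter.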

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
