Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)
  • Node.js
  • Sydney
  • Description
    OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. The "semver" module is vulnerable to regular expression denial of service (ReDoS) when extremely long version strings are parsed.

    A user action is needed to update your instances.

    For more information, see the security bulletin.