CVE-2024-33883: Medium severity IBM Data Virtualization on Cloud Pak for Data vulnerability
Published Apr 28, 2024
The Node.js ejs (Embedded JavaScript templates) module is vulnerable to a denial of service caused by the lack of certain pollution protection. A local attacker could exploit this vulnerability to cause a denial of service.
Other sources
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
— NVD
Affected Software
7 affected components · Fixes available
npm/ejs < 3.1.10 (fixed in 3.1.10)
IBM Data Virtualization on Cloud Pak for Data <= 3.0
IBM Watson Query on Cloud Pak for Data <= 2.2
IBM Watson Query on Cloud Pak for Data <= 2.1
IBM Watson Query on Cloud Pak for Data <= 2.0
IBM Data Virtualization on Cloud Pak for Data <= 1.8
IBM Data Virtualization on Cloud Pak for Data <= 1.7
Event History
Apr 28, 2024
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description
Data Sourced (via NVD, 04:15 PM): Description, Severity, Weakness
Advisory Published (via GitHub, 06:30 PM)
Aug 15, 2025
Data Sourced (via IBM, 03:29 PM): Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-33883?
CVE-2024-33883 has a high severity as it exposes applications to denial of service attacks.
2. How do I fix CVE-2024-33883?
To fix CVE-2024-33883, update the ejs package to version 3.1.10 or later.
3. Which versions of ejs are affected by CVE-2024-33883?
CVE-2024-33883 affects ejs versions prior to 3.1.10.
4. Can CVE-2024-33883 be exploited remotely?
No, CVE-2024-33883 requires local access to exploit the vulnerability.
5. Is there a specific software that is vulnerable to CVE-2024-33883?
Yes, IBM Analytics Content Hub versions up to and including 2.0 are vulnerable to CVE-2024-33883.