Rewterz Threat Alert – Multitasking multi-currency Cryptostealer KryptoCibule
September 3, 2020Rewterz Threat Alert – TA413 Targets Tibet and Europe with Sepulcher Malware
September 3, 2020Rewterz Threat Alert – Multitasking multi-currency Cryptostealer KryptoCibule
September 3, 2020Rewterz Threat Alert – TA413 Targets Tibet and Europe with Sepulcher Malware
September 3, 2020Severity
High
Analysis Summary
Node.js tiny-conf could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in set function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
Gain Access
Affected Vendors
NodeJs
Affected Products
Node.js tiny-conf
Remediation
Refer to POC for the attack vector and the usage of user interaction for the exploitation of the vulnerability.