Rewterz Threat Advisory – Multiple Apache Jena and HTTP Server Vulnerabilities
September 19, 2021Rewterz Threat Alert – RedLine Malware – Active IOCs
September 19, 2021Rewterz Threat Advisory – Multiple Apache Jena and HTTP Server Vulnerabilities
September 19, 2021Rewterz Threat Alert – RedLine Malware – Active IOCs
September 19, 2021Severity
High
Analysis Summary
CVE-2021-23442
Node.js @cookiex/deep module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the global proto object. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Affected Vendors
Node.js
Affected Products
- Node.js @cookiex/deep 0.0.6
Remediation
Refer to cookiex-deep GIT Repository for patch, upgrade or suggested workaround information.