Rewterz Threat Advisory – Threat Actors Targeting Employees Post Lockdown
May 31, 2021Rewterz Threat Alert – Bizarro Banking Trojan – Active IOCs
June 1, 2021Rewterz Threat Advisory – Threat Actors Targeting Employees Post Lockdown
May 31, 2021Rewterz Threat Alert – Bizarro Banking Trojan – Active IOCs
June 1, 2021Severity
Medium
Analysis Summary
CVE-2021-33623
Node.js trim-newlines module is vulnerable to a denial of service, caused by a regular expression denial-of-service (ReDoS) flaw in the .end() method. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause the application to crash.
Impact
- Denial of Service
Affected Vendors
Node.js
Affected Products
- Node.js trim-newlines 3.0.0
- Node.js trim-newlines 4.0.0
Remediation
Upgrade to the latest version of trim-newlines (3.0.1, 4.0.1 or later) from https://www.npmjs.com/package/trim-newlines