Rewterz Threat Alert – NJRAT – Active IOCs
September 7, 2021Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
September 7, 2021Rewterz Threat Alert – NJRAT – Active IOCs
September 7, 2021Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
September 7, 2021Severity
High
Analysis Summary
CVE-2021-3766
Node.js objection.js module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Unauthorized Access
Affected Vendors
NodeJs
Affected Products
- Node.js objection.js
Remediation
Refer to objection.js GIT Repository for the patch, upgrade, or suggested workaround information.
https://github.com/vincit/objection.js/commit/b41aab8dcd78f426f7468dcda541a7aca18a66a6