Rewterz Threat Alert – Remcos RAT – Active IOCs
June 8, 2022Rewterz Threat Advisory – CVE-2022-25863 – Node.js gatsby-plugin-mdx module Vulnerability
June 9, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
June 8, 2022Rewterz Threat Advisory – CVE-2022-25863 – Node.js gatsby-plugin-mdx module Vulnerability
June 9, 2022Severity
High
Analysis Summary
CVE-2022-24429
Node.js convert-svg-core module could allow a remote attacker to traverse directories on the system, caused by a flaw when converting SVG into another format using headless Chromium. An attacker could use a specially crafted SVG file to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-24429
Affected Vendors
Node.js
Affected Products
Node.js convert-svg-core 0.6.2
Remediation
Upgrade to the latest version of Node.js convert-svg-core module, available from the NPM Web site.