Severity
Medium
Analysis Summary
CVE-2022-24725
The shescape module for Node.js could allow a local attacker to obtain sensitive information. The flaw occurs when Bash is used with the “escape” or “escapeAll” functions of the shescape API and the “interpolation” option is set to “true”. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain home directory information on Unix systems and use that information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-24725
Affected Vendors
Node.js
Affected Products
- Node.js shescape 1.5.0
- Node.js shescape 1.4.0
Remediation
Upgrade to the latest version of shescape, available from the shescape Git repository.
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-446w-rrm4-r47f
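
To check whether a project is exposed, the following added example (not code from Rewterz or the shescape project) scans a parsed package-lock.json for the shescape versions listed under Affected Products and flags escape/escapeAll calls that set interpolation to true. The lockfile contents, the source lines and the version 9.9.9 are constructed samples, and the call-site scan is a line-based heuristic.

```javascript
// Versions listed under "Affected Products" in the advisory above (not a full range).
const AFFECTED = new Set(["1.4.0", "1.5.0"]);

// Collect every installed copy of shescape from a parsed package-lock.json.
// Handles the flat "packages" map (lockfile v2/v3) and nested "dependencies" (v1).
function findShescape(lock) {
  const hits = new Map(); // keyed by install path so v2 files listing both maps dedupe
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/shescape$/.test(path)) hits.set(path, meta.version);
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "shescape" && !hits.has(path)) hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits].map(([path, version]) => ({ path, version, affected: AFFECTED.has(version) }));
}

// Heuristic: flag escape()/escapeAll() calls whose options literal sets interpolation: true.
// Only single-line calls are detected; multi-line option objects need manual review.
function findInterpolationCalls(source) {
  const call = /\b(escapeAll|escape)\s*\([^)]*\binterpolation\s*:\s*true\b/;
  return source.split("\n")
    .map((text, i) => ({ line: i + 1, match: call.exec(text) }))
    .filter((r) => r.match)
    .map((r) => ({ line: r.line, fn: r.match[1] }));
}

// Constructed sample input (9.9.9 is a made-up version standing in for an unlisted release).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/shescape": { version: "1.5.0" },
    "node_modules/build-tool/node_modules/shescape": { version: "9.9.9" },
  },
};
const sampleSource = [
  'const cmd = `echo ${shescape.escape(input, { interpolation: true })}`;',
  "const safe = shescape.escape(input, { interpolation: false });",
  "const all = shescape.escapeAll(args, { interpolation: true });",
].join("\n");
console.log(findShescape(sampleLock));
console.log(findInterpolationCalls(sampleSource));
```

A copy that is both at a listed version and reachable from a flagged call site is the combination the advisory describes; transitive copies count, which is why nested install paths are reported.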