Rewterz Threat Advisory – CVE-2022-2330 – McAfee Data Loss Prevention (DLP) Endpoint for Windows Vulnerability
August 23, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
August 23, 2022Rewterz Threat Advisory – CVE-2022-2330 – McAfee Data Loss Prevention (DLP) Endpoint for Windows Vulnerability
August 23, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
August 23, 2022Severity
High
Analysis Summary
CVE-2022-35204
Node.js vite module could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-35204
Affected Vendors
Node.js
Affected Products
- Node.js vite 2.9.12
- Node.js vite 2.9.11
- Node.js vite 2.9.10
- Node.js vite 2.9.9
Remediation
Upgrade to the latest version of Node.js vite module, available from the NPM Website.