November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2022-2330 – McAfee Data Loss Prevention (DLP) Endpoint for Windows Vulnerability
August 23, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
August 23, 2022Rewterz Threat Advisory – CVE-2022-2330 – McAfee Data Loss Prevention (DLP) Endpoint for Windows Vulnerability
August 23, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
August 23, 2022
Severity
High
Analysis Summary
CVE-2022-35204
Node.js vite module could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-35204
Affected Vendors
Node.js
Affected Products
- Node.js vite 2.9.12
- Node.js vite 2.9.11
- Node.js vite 2.9.10
- Node.js vite 2.9.9
Remediation
Upgrade to the latest version of Node.js vite module, available from the NPM Website.