Rewterz Threat Advisory – CVE-2023-27997 – Fortinet FortiGate and FortiOS Vulnerability
June 12, 2023Rewterz Threat Alert – StormKitty Stealer: A Threatening Information-Stealing Malware – Active IOCs
June 12, 2023Rewterz Threat Advisory – CVE-2023-27997 – Fortinet FortiGate and FortiOS Vulnerability
June 12, 2023Rewterz Threat Alert – StormKitty Stealer: A Threatening Information-Stealing Malware – Active IOCs
June 12, 2023Severity
High
Analysis Summary
CVE-2023-26132
Node.js dottie module is vulnerable to a denial of service, caused by a prototype pollution flaw in the set() function in /dottie.js. By adding or modifying properties of Object.prototype using a proto or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-26132
Affected Vendors
Node.js
Affected Products
- Node.js dottie 2.0.3
Remediation
Upgrade to the latest version of dottie, available from the dottie.js GIT Repository.