Rewterz Threat Alert – RedEnergy: Advanced Stealer-as-a-Ransomware Targets Energy and Telecom Sectors – Active IOCs
July 6, 2023Rewterz Threat Advisory – CVE-2023-36934 – Progress Software MOVEit Transfer Vulnerability
July 6, 2023Rewterz Threat Alert – RedEnergy: Advanced Stealer-as-a-Ransomware Targets Energy and Telecom Sectors – Active IOCs
July 6, 2023Rewterz Threat Advisory – CVE-2023-36934 – Progress Software MOVEit Transfer Vulnerability
July 6, 2023Severity
High
Analysis Summary
CVE-2023-35935
Node.js @fastify/oauth2 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the state parameter. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-35935
Affected Vendors
Node.js
Affected Products
- Node.js @fastify/oauth2 2.6.9
- Node.js @fastify/oauth2 2.6.8
Remediation
Refer to the fastify/oauth2 GIT Repository for patch, upgrade or suggested workaround information.