Severity
High
Analysis Summary
CVE-2021-22931
Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames, leading to domain hijacking and injection vulnerabilities in applications using the library.
CVE-2021-22939
Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and “undefined” was passed in for the “rejectUnauthorized” parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate.
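The misuse described for CVE-2021-22939 usually arises when request options are built from a configuration value that was never set. The following is an added example, not code from this advisory or from the Node.js project: it normalises the options before they are handed to the https API, and the names `safeTlsOptions`, `buildRequestOptions`, `allowInsecure` and `sampleConfig` are hypothetical.

```javascript
// Added example: make certificate verification explicit before the options
// object reaches https.request(). All names here are hypothetical.

function safeTlsOptions(options, { allowInsecure = false } = {}) {
  const out = { ...options };
  const value = out.rejectUnauthorized;

  if (value === undefined || value === null) {
    // Key missing, or present but undefined (the case named in the advisory):
    // set verification on explicitly instead of relying on runtime defaults.
    out.rejectUnauthorized = true;
    return out;
  }
  if (typeof value !== 'boolean') {
    // Strings such as "false" read from env vars are truthy; refuse to guess.
    throw new TypeError(
      `rejectUnauthorized must be a boolean, got ${typeof value}`
    );
  }
  if (value === false && !allowInsecure) {
    // Disabling verification must be an explicit, reviewed decision.
    throw new Error('rejectUnauthorized: false is not permitted');
  }
  return out;
}

// Constructed sample config: the "verify" key was never set, so reading it
// yields undefined.
const sampleConfig = { host: 'api.example.test', tls: {} };

function buildRequestOptions(config) {
  return safeTlsOptions({
    hostname: config.host,
    port: 443,
    method: 'GET',
    rejectUnauthorized: config.tls.verify, // undefined for sampleConfig
  });
}

// The returned object is what would be passed to https.request(options, cb).
```

Applying a wrapper like this is a defence in depth measure for code that cannot be upgraded immediately; it does not replace the upgrade listed under Remediation.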
Impact
- Unauthorized Access
Affected Vendors
Node.js
Affected Products
- Node.js Node.js 12
- Node.js Node.js 14.0
Remediation
Upgrade to the latest version of Node.js available from the Node.js Website.