November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory –Multiple Mozilla Firefox Security Vulnerabilities
August 11, 2021Rewterz Threat Advisory –Multiple SAP Vulnerabilities
August 12, 2021Rewterz Threat Advisory –Multiple Mozilla Firefox Security Vulnerabilities
August 11, 2021Rewterz Threat Advisory –Multiple SAP Vulnerabilities
August 12, 2021
Severity
High
Analysis Summary
CVE-2021-22931
Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library.
CVE-2021-22939
Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and “undefined” was in passed for the “rejectUnauthorized” parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate.
Impact
- Unauthorized Access
Affected Vendors
Node.js
Affected Products
- Node.js Node.js 12
- Node.js Node.js 14.0
Remediation
Upgrade to the latest version of Node.js available from the Node.js Website.