March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Mirai Botnet – Active IOCs
July 1, 2021
Rewterz Threat Advisory – ICS: Johnson Controls Facility Explorer
July 2, 2021
Rewterz Threat Alert – Mirai Botnet – Active IOCs
July 1, 2021
Rewterz Threat Advisory – ICS: Johnson Controls Facility Explorer
July 2, 2021
Severity
High
Analysis Summary
CVE-2021-22921
Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in the installation directory. Under certain conditions. An attacker could exploit this vulnerability to perform PATH and DLL hijacking attacks
CVE-2021-22918
Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuv’s uv__idna_toascii() function. By invoking the function using the DNS module’s lookup() function, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
Impact
- Privileges Escalation
- Denial of Service
- Data Breach
Affected Vendors
Node.js
Affected Products
- Node.js Node.js 12
- Node.js Node.js 14.0
- Node.js Node.js 16.0
Remediation
Upgrade to the latest version of Node.js (12.22.2, 14.17.2, or 16.4.1 or later), available from the Node.js Web site. https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/