High
Node.js cached-path-relative module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the cachedPathRelative function. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Node.js convert-svg-core, convert-svg-to-png, and convert-svg-to-jpeg modules could allow a remote attacker to traverse directories on the system, caused by improper validation of input in the SVG file. An attacker could send a specially-crafted SVG file containing “dot dot” sequences (/../) to view arbitrary files on the system.
Node.js @isomorphic-git/cors-proxy module is vulnerable to server-side request forgery, caused by missing sanitization and validation of the redirection action in middleware.js. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
Node.js
Upgrade to the latest version of cached-path-relative, available from the NPM Web site.
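The prototype pollution class described above for cached-path-relative, shown as an added example that is not the module's own code: a cache keyed by caller-supplied strings, first as a plain object and then hardened with Map, plus a regression check. The two-level cache layout and the names makeUnsafeCache, makeSafeCache, addedPrototypeKeys and join are assumptions made for illustration.

```javascript
// Constructed illustration of the bug class; NOT the source of cached-path-relative.
// `compute` stands in for an expensive path function such as path.relative.

// Weak: a plain object used as a two-level cache keyed by caller-supplied strings.
function makeUnsafeCache(compute) {
  const cache = {};
  return function cached(from, to) {
    // cache["__proto__"] resolves to Object.prototype, so the write below
    // lands on the prototype shared by every object in the process.
    const bucket = cache[from] || (cache[from] = {});
    if (!(to in bucket)) bucket[to] = compute(from, to);
    return bucket[to];
  };
}

// Hardened: Map keys are stored as data and never resolved via a prototype chain.
function makeSafeCache(compute) {
  const cache = new Map();
  return function cached(from, to) {
    if (typeof from !== 'string' || typeof to !== 'string') {
      throw new TypeError('from and to must be strings');
    }
    let bucket = cache.get(from);
    if (!bucket) {
      bucket = new Map();
      cache.set(from, bucket);
    }
    if (!bucket.has(to)) bucket.set(to, compute(from, to));
    return bucket.get(to);
  };
}

// Regression check: returns the property names a call added to Object.prototype,
// then deletes them so the process is left clean.
function addedPrototypeKeys(cached, from, to) {
  const before = new Set(Object.getOwnPropertyNames(Object.prototype));
  cached(from, to);
  const added = Object.getOwnPropertyNames(Object.prototype).filter((k) => !before.has(k));
  for (const k of added) delete Object.prototype[k];
  return added;
}

const join = (from, to) => `${from}->${to}`; // constructed stand-in computation
console.log(addedPrototypeKeys(makeUnsafeCache(join), '__proto__', 'cacheProbe')); // [ 'cacheProbe' ]
console.log(addedPrototypeKeys(makeSafeCache(join), '__proto__', 'cacheProbe'));   // []
```

A check like addedPrototypeKeys can run in a test suite against any memoizing helper that accepts untrusted keys, so a regression to a plain-object cache is caught before release.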
CVE-2021-23518
CVE-2021-23631
CVE-2021-23664