Rewterz Threat Advisory – Multiple F5 Vulnerabilities
May 5, 2022Rewterz Threat Advisory – CVE-2022-28890 – Apache Jena Vulnerability
May 6, 2022Rewterz Threat Advisory – Multiple F5 Vulnerabilities
May 5, 2022Rewterz Threat Advisory – CVE-2022-28890 – Apache Jena Vulnerability
May 6, 2022Severity
High
Analysis Summary
CVE-2022-21189 CVSS:7.3
Node.js dexie module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the Dexie.setByKeyPath(obj, keyPath, value) function. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2022-21227 CVSS:5.9
Node.js sqlite3 module is vulnerable to a denial of service, caused by improper input validation by the toString function. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the V8 engine to crash, and results in a denial of service condition.
Impact
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-21189
- CVE-2022-21227
Affected Vendors
- Node.js
Affected Products
- Node.js dexie 4.0.0-alpha.1
- Node.js dexie 4.0.0-alpha.2
- Node.js dexie 3.2.1
- Node.js sqlite3 5.0.2
Remediation
Upgrade to the latest version of Node.js, available from the Node.js Website.