November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – IPStorm Introduces a Malware Variant for Linux
October 2, 2020Rewterz Threat Advisory – CVE-2020-25641 – Linux Kernel biovec usage denial of service
October 5, 2020Rewterz Threat Alert – IPStorm Introduces a Malware Variant for Linux
October 2, 2020Rewterz Threat Advisory – CVE-2020-25641 – Linux Kernel biovec usage denial of service
October 5, 2020
Severity
High
Analysis summary
Node.js loadyaml module could allow a remote attacker to bypass security restrictions, caused by containing malicious code as a preinstall script. By persuading a victim to install a specially-crafted application, an attacker could exploit this vulnerability to writes a public comment, including IP and IP-based geolocation, home directory name, and local username on GitHub.
Impact
Security bypass
Affected Vendors
NodeJs
Affected Products
Node.js loadyaml
Remediation
Refer to vendor advisory for the complete list of affected products and respective patches.