Severity
High
Analysis Summary
CVE-2024-21511
The Node.js mysql2 module could allow a remote attacker to execute arbitrary code on the system because the readCodeFor function does not properly validate the timezone parameter. An attacker could exploit this vulnerability by sending a specially crafted request.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-21511
Affected Vendors
Affected Products
- Node.js mysql2 3.9.6
Remediation
Upgrade to the latest version of mysql2, available from the Node.js GIT Repository.
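
The following is an added example, not code from this advisory or from the mysql2 project. It shows two defender-side checks: flagging the affected version listed above in a parsed package-lock.json, and allowlisting a timezone value before it is passed to the driver's connection options. The lockfile contents, the function names and the accepted timezone forms ('local', 'Z', or a ±HH:MM offset) are assumptions.

```javascript
// Added example: defender-side checks for CVE-2024-21511; not mysql2 project code.

// Affected version as listed on this page.
const AFFECTED_VERSIONS = new Set(["3.9.6"]);

// Constructed sample of a parsed package-lock.json (lockfileVersion 3 layout).
// "demo-app", "some-orm" and "other-mysql2" are hypothetical names.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/mysql2": { version: "3.9.6" },
    "node_modules/some-orm/node_modules/mysql2": { version: "3.9.6" },
    "node_modules/other-mysql2": { version: "3.9.6" },
    "node_modules/express": { version: "4.19.2" },
  },
};

// Return every installed copy of mysql2 (top-level or nested under another
// dependency) whose pinned version is on the affected list.
function findAffectedMysql2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the package directory exactly, so "other-mysql2" is not flagged.
    if (!path.endsWith("node_modules/mysql2")) continue;
    if (AFFECTED_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Allowlist a timezone value that originates outside the application (tenant
// setting, request field, environment) before using it as a connection option.
// Assumed valid forms: "local", "Z", or an offset "+HH:MM" / "-HH:MM".
function isSafeTimezone(tz) {
  if (typeof tz !== "string") return false;
  if (tz === "local" || tz === "Z") return true;
  const m = /^[+-](\d{2}):(\d{2})$/.exec(tz);
  if (!m) return false;
  // Assumed bounds: hours up to 14, minutes up to 59.
  return Number(m[1]) <= 14 && Number(m[2]) <= 59;
}

console.log(findAffectedMysql2(SAMPLE_LOCK));
console.log(isSafeTimezone("+05:30"), isSafeTimezone("+00:00 trailing"));
```

Rejecting a value with `isSafeTimezone` limits what reaches the driver but does not replace the upgrade described under Remediation.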