
Rewterz Threat Advisory – CVE-2021-23382 – Node.js postcss Module Denial of Service

Severity

Medium

Analysis Summary

CVE-2021-23382

The Node.js postcss module is vulnerable to denial of service caused by a regular expression denial of service (ReDoS) flaw in the getAnnotationURL() and loadAnnotation() functions in lib/previous-map.js. By sending specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial-of-service condition.

Impact

Denial of Service

Affected Vendors

Node.js

Affected Products

Node.js postcss 8.2.12

Remediation

Upgrade to the latest version of postcss (8.2.13 or later), available from the postcss Git repository.
