Rewterz Threat Advisory – Apple MacOS Big Sur Vulnerabilities Leaving Users at “Grave Risk”

April 27, 2021

Rewterz Threat Alert – Nanocore RAT – Active IOCs

April 27, 2021

Rewterz Threat Advisory – CVE-2021-23382 – Node.js postcss Module Denial of Service

April 27, 2021

Severity

Medium

Analysis Summary

CVE-2021-23382

Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service (ReDoS) flaw in the getAnnotationURL() and loadAnnotation() functions in lib/previous-map.js. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

Denial of Service

Affected Vendors

Node.js

Affected Products

Node.js postcss 8.2.12

Remediation

Upgrade to the latest version of postcss (8.2.13 or later), available from the postcss GIT Repository.

postcss GIT Repository

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SonicWall Flags Active Exploitation of Critical Security Flaws

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Cactus Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Apple MacOS Big Sur Vulnerabilities Leaving Users at “Grave Risk”

Rewterz Threat Alert – Nanocore RAT – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.