
Rewterz Threat Advisory – CVE-2021-23434 – Node.js Object-Path Module Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-23434

The Node.js object-path module could allow a remote attacker to execute arbitrary code on the system. The cause is a prototype pollution flaw that occurs when the path components used in the path parameter are arrays. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Unauthorized Access
  • Code Execution

Affected Vendors

Node.js

Affected Products

  • Node.js object-path 0.11.5

Remediation

Upgrade to the latest version of the Node.js object-path module, available from the npm website.

https://www.npmjs.com/package/object-path
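
As defence in depth alongside the upgrade, callers can validate path components before they reach any path-setting helper. The sketch below is an added example, not code from this advisory or from object-path; `normalizeComponent`, `toSafePath` and `safeSet` are hypothetical names, and the type check reflects the array-component condition described in the analysis summary.

```javascript
// Keys that reach Object.prototype or a constructor's prototype.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Accept only string or integer components. An array such as ['__proto__']
// is not strictly equal to '__proto__', yet it becomes the string
// '__proto__' when used as a property key, so the type is checked first.
function normalizeComponent(component) {
  if (typeof component === 'number' && Number.isInteger(component)) {
    return String(component);
  }
  if (typeof component !== 'string') {
    throw new TypeError('path component must be a string or integer');
  }
  if (BLOCKED_KEYS.has(component)) {
    throw new Error('blocked path component: ' + component);
  }
  return component;
}

// Hypothetical helper: split dotted strings, then validate every component.
function toSafePath(path) {
  const parts = typeof path === 'string' ? path.split('.') : path;
  if (!Array.isArray(parts) || parts.length === 0) {
    throw new TypeError('path must be a non-empty string or array');
  }
  return parts.map(normalizeComponent);
}

// Minimal setter that follows own properties only (not object-path's code).
function safeSet(target, path, value) {
  const keys = toSafePath(path);
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(node, key) ||
        node[key] === null || typeof node[key] !== 'object') {
      node[key] = {};
    }
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}
```

Paths built from request bodies or query strings are the ones to pass through `toSafePath` first, since JSON input can supply arrays where a string is expected.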