Rewterz Threat Advisory – CVE-2021-23442 – Node.js @cookiex/deep module Vulnerability

Severity

High

Analysis Summary

CVE-2021-23442

The Node.js @cookiex/deep module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the global proto object. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution

Affected Vendors

Node.js

Affected Products

  • Node.js @cookiex/deep 0.0.6

Remediation

Refer to the cookiex-deep Git repository for patch, upgrade or suggested workaround information.

https://github.com/tony-tsx/cookiex-deep/commit/b5bea2b7f34a5fa9abb4446cbd038ecdbcd09c88