February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
October 21, 2021Rewterz Threat Alert – Logical Attack Hitting ATM Machine in Pakistan
October 21, 2021Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
October 21, 2021Rewterz Threat Alert – Logical Attack Hitting ATM Machine in Pakistan
October 21, 2021
Severity
Medium
Analysis Summary
CVE-2021-23449
Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system.
Impact
- Code Execution
Affected Vendors
Node.js
Affected Products
- Node.js vm2 3.9.3
Remediation
Upgrade to the latest version of vm2, available from the vm2 GIT Repository.