
Rewterz Threat Advisory – CVE-2021-23449 – Node.js vm2 module

Severity

Medium

Analysis Summary

CVE-2021-23449 

The Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system because of a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial-of-service condition on the system.

Impact

  • Code Execution

Affected Vendors

Node.js

Affected Products

  • Node.js vm2 3.9.3

Remediation

Upgrade to the latest version of vm2, available from the vm2 Git repository.

https://github.com/patriksimek/vm2/issues/363
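
To find where the upgrade is needed, the following added example (not part of the original advisory and not vm2 project code) lists every vm2 copy recorded in an npm lockfile, including transitive ones, and marks those at the version listed under Affected Products. The lockfile contents, the package name sandbox-runner and the version 0.0.0-example are constructed sample data; an unmarked version is only "not listed in this advisory", not confirmed safe.

```javascript
// Added example: locate every vm2 copy recorded in an npm lockfile.
// ADVISORY_VERSIONS is taken from this advisory's "Affected Products" list.
const ADVISORY_VERSIONS = new Set(['3.9.3']);

// Constructed sample lockfile (v2 layout); names and versions are illustrative.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/vm2': { version: '0.0.0-example' },
    'node_modules/sandbox-runner': { version: '1.0.0' },
    'node_modules/sandbox-runner/node_modules/vm2': { version: '3.9.3' }
  }
});

// Lockfile v1 layout: nested "dependencies" objects, walked recursively.
function walkV1(deps, trail, out) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = trail.concat(name);
    if (name === 'vm2') out.push({ path: path.join(' > '), version: info.version });
    walkV1(info.dependencies, path, out);
  }
}

// Return every vm2 entry (direct or transitive) with a listedInAdvisory flag.
function findVm2(lock) {
  const out = [];
  if (lock.packages) {
    // v2/v3 layout: flat map keyed by install path,
    // e.g. "node_modules/a/node_modules/vm2"
    for (const [key, info] of Object.entries(lock.packages)) {
      const parts = key.split('node_modules/').filter(Boolean)
        .map(p => p.replace(/\/$/, ''));
      if (parts[parts.length - 1] === 'vm2') {
        out.push({ path: parts.join(' > '), version: info.version });
      }
    }
  } else {
    walkV1(lock.dependencies, [], out);
  }
  return out.map(e => ({ ...e, listedInAdvisory: ADVISORY_VERSIONS.has(e.version) }));
}

for (const hit of findVm2(JSON.parse(SAMPLE_LOCK))) {
  const note = hit.listedInAdvisory ? 'listed in advisory, upgrade' : 'not listed';
  console.log(`${hit.path}@${hit.version}: ${note}`);
}
```

To scan a real project, pass the parsed contents of its package-lock.json to findVm2 in place of the sample.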