Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple IBM Flash System And Standards Processing Engine Vulnerabilities
October 22, 2021
Rewterz
Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
October 22, 2021

Rewterz Threat Advisory – CVE-2021-41167 – Node.js modern-async module

Severity

Medium

Analysis Summary

CVE-2021-41167

Node.js modern-async module is vulnerable to a denial of service, caused by not limit the number of requests by the forEachSeries and forEachLimit functions. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

  • Denial of Services

Affected Vendors

Node.js

Affected Products

  • Node.js modern-async 1.0.3

Remediation

Upgrade to the latest version of modern-async, available from the modern-async GIT Repository.

https://github.com/nicolas-van/modern-async/security/advisories/GHSA-3pcq-34w5-p4g2