Request a Demo
Rewterz
Rewterz Threat Advisory – ICS: Siemens SINEC NMS and SIMATIC
October 22, 2021
Rewterz
Rewterz Threat Advisory – Multiple Microsoft .NET Core, Visual Studio, Dynamics 365
October 25, 2021

Rewterz Threat Advisory – CVE-2021-42740 – Node.js shell-quote module

Severity

High

Analysis Summary

CVE-2021-42740 

Node.js shell-quote module could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw with windows drive letter regex. By sending a specially-crafted shell metacharacter, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

  • Command Execution

Affected Vendors

Node.js

Affected Products

  • Node.js shell-quote 1.7.2

Remediation

Upgrade to the latest version of shell-quote, available from the shell-quote GIT Repository.

https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe