March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2022-24429 – Node.js convert-svg-core module Vulnerability
June 9, 2022Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
June 9, 2022Rewterz Threat Advisory – CVE-2022-24429 – Node.js convert-svg-core module Vulnerability
June 9, 2022Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
June 9, 2022
Severity
High
Analysis Summary
CVE-2022-25863
Node.js gatsby-plugin-mdx module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when passing input through to the gray-matter package. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-25863
Affected Vendors
Node.js
Affected Products
Node.js gatsby-plugin-mdx 2.14.1
Node.js gatsby-plugin-mdx 3.15.2
Remediation
Refer to gatsby GIT Repository for patch, upgrade or suggested workaround information.