Rewterz Threat Advisory – CVE-2022-35204 – Node.js vite module Vulnerability

Rewterz Threat Advisory – CVE-2022-2330 – McAfee Data Loss Prevention (DLP) Endpoint for Windows Vulnerability

August 23, 2022

Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs

August 23, 2022

Rewterz Threat Advisory – CVE-2022-35204 – Node.js vite module Vulnerability

Severity

High

Analysis Summary

CVE-2022-35204

Node.js vite module could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.

Impact

Information Theft

Indicators Of Compromise

CVE

CVE-2022-35204

Affected Vendors

Node.js

Affected Products

Node.js vite 2.9.12
Node.js vite 2.9.11
Node.js vite 2.9.10
Node.js vite 2.9.9

Remediation

Upgrade to the latest version of Node.js vite module, available from the NPM Website.

NPM Website

Rewterz Threat Advisory – CVE-2022-2330 – McAfee Data Loss Prevention (DLP) Endpoint for Windows Vulnerability

Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs

Rewterz Threat Advisory – CVE-2022-35204 – Node.js vite module Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan