Rewterz Threat Alert – XCSSET Mac Malware adapts to target macOS 11 and M1-based Macs – IOCs

April 20, 2021

Rewterz Threat Advisory – CVE-2021-29461 – Discord-Recon Local File Include Vulnerability

April 21, 2021

Rewterz Threat Advisory – Multiple Node.js Vulnerabilities

April 20, 2021

Severity

High

Analysis Summary

CVE-2021-23374

Node.js ps-visitor module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23375

Node.js psnode module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23376

Node.js ffmpegdotjs module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23377

Node.js onion-oled-js module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23378

Node.js picotts module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23379

Node.js portkiller module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23380

Node.js roar-pidusage module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

CVE-2021-23381

Node.js killing module allows a remote attacker to execute arbitrary commands on the system. The vulnerability is caused by the use of the child_process exec function without input validation. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands on the system.

Impact

Unauthorized Access

Affected Vendors

NodeJS

Affected Products

Node.js ps-visitor 0.0.1
Node.js ps-visitor 0.0.2
Node.js psnode 0.0.1
Node.js ffmpegdotjs 0.0.2
Node.js ffmpegdotjs 0.0.3
Node.js ffmpegdotjs 0.0.4
Node.js onion-oled-js 0.0.1
Node.js onion-oled-js 0.0.2
Node.js picotts 0.1.0
Node.js picotts 0.1.1
Node.js portkiller 1.0.0 all versions
Node.js roar-pidusage 1.1.4 all versions
Node.js killing 0.0.1 all versions

Remediation

Node.js is yet to release a patch for the affected products. For more updates, visit https://docs.npmjs.com/searching-for-and-choosing-packages-to-download

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us