Rewterz Threat Advisory –Multiple Vulnerabilities In Junos Space Log Collector

August 4, 2021

Rewterz Threat Advisory –CVE-2021-33195 – IBM App Connect Security Vulnerability

August 4, 2021

Rewterz Threat Advisory – Multiple Node.js Vulnerabilities

August 4, 2021

Severity

High

Analysis Summary

CVE-2021-32804

Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient absolute path sanitization. An attacker could use a specially-crafted tar file containing “dot dot” sequences (/../) to create or overwrite arbitrary files on the system.

CVE-2021-32803

Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient symlink protection. An attacker could use a specially-crafted tar file containing “dot dot” sequences (/../) to create or overwrite arbitrary files on the system.

Impact

Code Execution
Credential Theft

Affected Vendors

Node.js

Affected Products

Node.js tar 3.2.0
Node.js tar 4.4.0
Node.js tar 5.0.0
Node.js tar 6.1.0

Remediation

Upgrade to the latest version available at NPM Web site.

https://www.npmjs.com/advisories/1770

https://www.npmjs.com/advisories/1771

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory –Multiple Vulnerabilities In Junos Space Log Collector

Rewterz Threat Advisory –CVE-2021-33195 – IBM App Connect Security Vulnerability