
Rewterz Threat Advisory – Multiple Node.js Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-32804

The Node.js tar module could allow a local attacker to traverse directories on the system because of insufficient absolute path sanitization. An attacker could use a specially crafted tar file containing “dot dot” sequences (/../) to create or overwrite arbitrary files on the system.

CVE-2021-32803

The Node.js tar module could allow a local attacker to traverse directories on the system because of insufficient symlink protection. An attacker could use a specially crafted tar file containing “dot dot” sequences (/../) to create or overwrite arbitrary files on the system.
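As a defensive illustration of the two conditions above (absolute or “dot dot” entry paths, and writes redirected through an archive-supplied symlink), the following added example audits tar entry headers before anything is extracted. It is not code from the advisory or from the tar module; the entry shape `{path, type, linkpath}`, the function names and the sample headers are assumptions constructed for this example.

```javascript
// Added example (not from the advisory): audit tar entry headers before extraction.
// The entry shape {path, type, linkpath} and the function names are assumptions.

// Lexically resolve a POSIX path against the extraction root; null means it escapes.
function resolveInside(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg !== "..") { out.push(seg); continue; }
    if (out.length === 0) return null; // ".." climbs above the root
    out.pop();
  }
  return out.join("/");
}

function isAbsolute(p) {
  return p.startsWith("/") || /^[A-Za-z]:/.test(p);
}

function auditEntries(entries) {
  const findings = [];
  const links = new Set(); // resolved paths that earlier entries declared as symlinks
  const flag = (e, reason) => findings.push({ path: e.path, reason });
  for (const e of entries) {
    const name = e.path.replace(/\\/g, "/");
    if (isAbsolute(name)) { flag(e, "absolute path"); continue; }
    const resolved = resolveInside(name);
    if (resolved === null) { flag(e, "dot-dot escape"); continue; }
    const parts = resolved.split("/");
    // A parent directory that the archive itself created as a symlink redirects the write.
    const viaLink = parts.some((_, i) => i > 0 && links.has(parts.slice(0, i).join("/")));
    if (viaLink) { flag(e, "written through archive symlink"); continue; }
    if (e.type === "SymbolicLink") {
      links.add(resolved);
      const target = (e.linkpath || "").replace(/\\/g, "/");
      const parent = parts.slice(0, -1).join("/");
      if (isAbsolute(target) || resolveInside(parent + "/" + target) === null) {
        flag(e, "symlink target outside root");
      }
    }
  }
  return findings;
}

// Constructed sample headers, not taken from a real archive.
const SAMPLE = [
  { path: "pkg/index.js", type: "File" },
  { path: "/var/tmp/abs.txt", type: "File" },
  { path: "pkg/../../outside.txt", type: "File" },
  { path: "pkg/cache", type: "SymbolicLink", linkpath: "/tmp" },
  { path: "pkg/cache/run.sh", type: "File" },
];
```

The check is deliberately conservative: any entry written beneath a symlink that the same archive created is flagged, even if the link target stays inside the extraction root.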

Impact

  • Code Execution
  • Credential Theft

Affected Vendors

Node.js

Affected Products

  • Node.js tar 3.2.0
  • Node.js tar 4.4.0
  • Node.js tar 5.0.0
  • Node.js tar 6.1.0

Remediation

Upgrade to the latest version available on the npm website.

https://www.npmjs.com/advisories/1770
https://www.npmjs.com/advisories/1771