February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2021-34746 – Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
September 2, 2021Rewterz Threat Advisory –CVE-2021-34759 – Cisco Identity Services Engine Cross-Site Scripting Vulnerability
September 2, 2021Rewterz Threat Advisory – CVE-2021-34746 – Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
September 2, 2021Rewterz Threat Advisory –CVE-2021-34759 – Cisco Identity Services Engine Cross-Site Scripting Vulnerability
September 2, 2021
Severity
Medium
Analysis Summary
CVE-2021-23438
Node.js mpath module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-23436
Node.js immer module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Unauthorized Access
- Code Execution
Affected Vendors
Node.js
Affected Products
- Node.js mpath 0.8.3
- Node.js immer 9.0.5
Remediation
Upgrade to the latest version of immer, available from the NPM Web site.
https://www.npmjs.com/package/mpath
Upgrade to the latest version of immer, available from the NPM Web site.