Rewterz Threat Advisory – Multiple Node.js Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-23518

Node.js cached-path-relative module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the cachedPathRelative function. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2021-23631

Node.js convert-svg-core, convert-svg-to-png, and convert-svg-to-jpeg modules could allow a remote attacker to traverse directories on the system, caused by improper input validation by the SVG file. An attacker could send a specially-crafted SVG file containing “dot dot” sequences (/../) to view arbitrary files on the system.

CVE-2021-23664

Node.js @isomorphic-git/cors-proxy module is vulnerable to server-side request forgery, caused by missing sanitization and validation of the redirection action in middleware.js. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.

Impact

• Code Execution
• Unauthorized Access

Affected Vendors

Node.js

Affected Products

• Node.js cached-path-relative 1.0.2
• Node.js convert-svg-core 0.5.0
• Node.js convert-svg-to-jpeg 0.5.0
• Node.js convert-svg-to-png 0.5.0
• Node.js @isomorphic-git/cors-proxy 2.7.0

Remediation

Upgrade to the latest version of cached-path-relative, available from the NPM Web site.

CVE-2021-23518

CVE-2021-23631

CVE-2021-23664