

Rewterz Threat Alert – LokiBot Malware – Active IOCs
February 14, 2022
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
February 15, 2022
Severity
High
Analysis Summary
CVE-2021-23597
The Node.js fastify-multipart module is vulnerable to a denial of service caused by improper input validation. By providing a name=constructor property, a remote attacker could exploit this vulnerability to cause the application to crash.
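The bug class behind a name=constructor crash, as an added illustration that is not taken from fastify-multipart's source: the two collector functions and the sample parts are hypothetical and constructed for this example. It contrasts a field collector built on a plain object with one built on a prototype-less object.

```javascript
// Added illustration, not fastify-multipart code. Function names and the
// sample parts below are assumptions made for this example.

// Weak form: a plain object inherits members of Object.prototype, so a lookup
// for "constructor" returns the built-in Object function before any field
// with that name has been stored.
function collectFieldsNaive(parts) {
  const body = {};
  for (const { name, value } of parts) {
    if (!body[name]) body[name] = [];  // skipped: inherited value is truthy
    body[name].push(value);            // TypeError: push is not a function
  }
  return body;
}

// Hardened form: no prototype, and an own-property check instead of a
// truthiness test, so every field name is treated as plain data.
function collectFieldsSafe(parts) {
  const body = Object.create(null);
  for (const { name, value } of parts) {
    if (!Object.prototype.hasOwnProperty.call(body, name)) body[name] = [];
    body[name].push(value);
  }
  return body;
}

// Constructed sample: field parts as a multipart parser might emit them.
const SAMPLE_PARTS = [
  { name: 'title', value: 'report' },
  { name: 'constructor', value: 'x' },
  { name: 'title', value: 'draft' },
];

function demo() {
  let naiveError = null;
  try {
    collectFieldsNaive(SAMPLE_PARTS);
  } catch (err) {
    // In a server, an exception like this thrown from a stream event handler
    // and left uncaught terminates the Node.js process.
    naiveError = err;
  }
  const safe = collectFieldsSafe(SAMPLE_PARTS);
  return { naiveCrashed: naiveError instanceof TypeError, safe };
}

console.log(demo());
```
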
CVE-2022-0508
The Node.js @peertube/embed-api module is vulnerable to server-side request forgery (SSRF), caused by a flaw in the URL download procedure. By using a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack to enumerate local server files and media files.
Impact
- Gain Access
- Denial of Service
Indicators of Compromise
CVE
- CVE-2022-0508
- CVE-2021-23597
Affected Vendors
Node.js
Affected Products
- Node.js @peertube/embed-api
- Node.js fastify-multipart 5.3.0
Remediation
Refer to the vendor website to download patches, updates, and apply workarounds: