Rewterz Threat Advisory – CVE-2022-21449 – Oracle Java SE Vulnerability

April 25, 2022

Rewterz Threat Advisory – IBM Planning Analytics Workspace Vulnerabilities

April 26, 2022

Rewterz Threat Advisory – Node.js ejs Module and Angular Module Vulnerabilities

April 26, 2022

Severity

High

Analysis Summary

CVE-2022-25844 CVSS:5.3

Node.js Angular module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in posPre: ‘ ‘.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-29078 CVSS:9.8

Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused by a server-side template injection flaw in settings[view options][outputFunctionName]. By sending a specially-crafted HTTP request to overwrites the outputFunctionName option with an arbitrary OS command, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Denial of Service
Code Execution

Indicators Of Compromise

CVE

CVE-2022-25844
CVE-2022-29078

Affected Vendors

Node.js

Affected Products

Node.js angular 1.8.3
Node.js ejs 3.1.6

Remediation

Upgrade to the latest version of Node.js, available from the Node.js Website.

CVE-2022-25844
CVE-2022-29078

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multiple QNAP Products Vulnerabilities

Multiple GitLab Products Vulnerabilities

Multiple Microsoft Windows Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us