February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Cisco Webex Meetings security bypass
March 4, 2021Rewterz Threat Advisory – ICS: Rockwell Automation 1734-AENTR Series B and Series C
March 5, 2021Rewterz Threat Advisory – Cisco Webex Meetings security bypass
March 4, 2021Rewterz Threat Advisory – ICS: Rockwell Automation 1734-AENTR Series B and Series C
March 5, 2021
Severity
High
Analysis Summary
CVE-2021-21353
Node.js pug and pug-code-gen could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the pretty option of the pug compiler. By sending a specially-crafted request using the the query parameters, an attacker could exploit this vulnerability to execute arbitrary code on the node.js backend.
Impact
Gain Access
Affected Vendors
NodeJs
Affected Products
- Node.js pug-code-gen 2.0.2
- Node.js pug-code-gen 3.0.1
- Node.js pug 3.0.0
Remediation
Upgrade to the latest version of pug (3.0.1 or later).