Node.js realtime-react-ui module code execution |

May 6, 2022

NAME

Node.js realtime-react-ui module code execution

  • Platforms Affected:
    Node.js realtime-react-ui
  • Risk Level:
    8.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

Node.js realtime-react-ui module could allow a remote attacker to execute arbitrary code on the system, caused by embedded malicious code. By persuading a victim to install this package, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Unavailable

MITIGATION

No remedy available as of May 5, 2022.

  • Reference Link:
    https://security.snyk.io/vuln/SNYK-JS-REALTIMEREACTUI-2806400
  • Reference Link:
    https://www.npmjs.com/package/realtime-react-ui

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

intel

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

October 29, 2024
white house

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

October 29, 2024
image 1

CVE Alert: CVE-2024-9825

October 29, 2024
image 1

CVE Alert: CVE-2024-50434

October 29, 2024
image 1

CVE Alert: CVE-2024-50435

October 29, 2024