Business

CERT-In finds multiple bugs in Node.js that can be used to obtain sensitive info

Thu, Jul 11 2024 08:05:48 PM

New Delhi, Jul 11 (IANS): The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, on Thursday, warned users of multiple vulnerabilities in Node.js, which could allow an attacker to compromise the targeted system.

The affected software includes Node.js versions prior to 18.20.4 (LTS), 20.15.1 (LTS), and 22.4.1 (Current).

"Multiple vulnerabilities have been reported in Node.js which could be exploited by an attacker to obtain sensitive information, bypass security restrictions and execute arbitrary code on the targeted system," said the CERT-In advisory.

According to the cyber agency, these vulnerabilities exist in Node.js due to an inadequate permission model that fails to restrict file stats "through the fs.lstat API, embedding of non-network imports in data URLs, improper handling of batch files in child_process.spawn/child_process.spawnSync, an error when the --allow-fs-write flag is used and improper processing of UNC paths by the Permission Model".

Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, bypass security restrictions and execute arbitrary code on the targeted system, the agency mentioned.

CERT-In advised users to apply appropriate security updates as mentioned by the company.

Follow Daijiworld News Network on

MINOR BASILICA OF OUR LADY OF HEALTH HARIHAR

Latest

EU to support Danish climate-friendly dairy production with aid

Rs 80 lac crore being earmarked for logistics sector’s growth: Jayant Chaudhary

Slowdown in US economy to push FPIs buy more in India

August floods cause $280 million damage to Bangladesh's agriculture

‘Made in India’ train sets, swanky coaches: Know all about high speed Meerut Metro

India’s position set to rise in global supply chains with huge chip investments

Indian startups raise more than $348 million funding this week

Business

CERT-In finds multiple bugs in Node.js that can be used to obtain sensitive info

Top Stories

Leave a Comment Your Email address will not be published.

Title: CERT-In finds multiple bugs in Node.js that can be used to obtain sensitive info

You might also like

Military chopper deployed for surveillance amid fresh violence in Manipur

Congress to offer 'good small number' of seats to AAP, says party in-charge for Haryana

Retired SC judge demands inclusion of Bengal CM in RG Kar case probe

Punjab Police crack Ferozepur triple murder case

Haryana: Ex-BJP MLA joins Congress, reposes faith in Bhupinder Hooda's leadership

Vadodara overbridge built in 2022 develops 'large potholes', residents demand action

UP govt plans major upgrades for Baghpat and Muzaffarnagar sugar mills

After Putin, Italian PM Meloni says that India can resolve Russia-Ukraine conflict

Assam to intensify efforts to detect illegal Bangladeshi immigrants: Himanta Biswa Sarma

Rajnath Singh to join BJP's election campaign in J&K on Sunday

Mangaluru: St Joseph the Worker Church, celebrates Konkani Manyatha Divas

Udupi: Souharda Committee visits various Ganeshotsav celebrations in Udyavar

Ninth day’s Novena held at Our Lady of Health Minor Basilica, Harihara

Mangaluru: Playback singer Jaskaran Singh visits multiple sacred sites

Ganesh Utsava festivities turn sour as two killed in road accident in Chikkamagaluru

I want to be with another woman like actor Darshan, says husband as wife ends life in Bengaluru

Karnataka celebrates Ganesh festival with fervour; Hubballi procession begins at Idgah maidan

Kundapur: Two die suddenly in separate incidents

Eighth day’s novena held at Our Lady of Health Minor Basilica, Harihara

Dry day in Udupi due to Ganesh Chaturthi festivities from Sep 7 to 11