CVE-2024-43373

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 15, 2024
Updated: Aug 16, 2024
CWE ID 22
CWE ID 20

Summary

CVE-2024-43373 is a vulnerability affecting the webcrack tool used for reverse engineering JavaScript. This issue arises when processing maliciously crafted code on Windows systems, specifically when using the unpack bundles feature in conjunction with the saving feature. An attacker can exploit this arbitrary file write vulnerability by providing a module name containing a path traversal sequence with Windows path separators. The vulnerability grants the attacker the ability to write arbitrary .js files to the host system, potentially leading to hijacking legitimate Node.js modules and gaining arbitrary code execution. Version 2.14.1 of webcrack has been released to address this vulnerability.
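
The defensive check this class of bug calls for, as an added example that is not webcrack's code or its actual fix: resolve the module name against the output directory, then verify the result is still inside it. `naiveIsSafe`, `resolveInside` and `isContained` are hypothetical helpers, the sample paths are constructed, and `path.win32` is used so the Windows behaviour reproduces on any host OS.

```javascript
const path = require("node:path");

// Force Windows path semantics so the example behaves the same on any host.
const winPath = path.win32;

// Hypothetical naive filter: only recognises "/" as a separator, so a
// traversal written with backslashes passes through as one opaque segment.
function naiveIsSafe(moduleName) {
  return !moduleName.split("/").includes("..");
}

// Hypothetical hardened resolver: normalise first, then check containment.
// Returns the absolute target path or throws if it leaves outputDir.
function resolveInside(outputDir, moduleName) {
  const root = winPath.resolve(outputDir);
  const target = winPath.resolve(root, moduleName);
  const rel = winPath.relative(root, target);
  const escapes =
    rel === "" ||                          // resolves to the directory itself
    rel === ".." ||
    rel.startsWith(".." + winPath.sep) ||  // climbs above the root
    winPath.isAbsolute(rel);               // different drive or UNC root
  if (escapes) {
    throw new Error("module path escapes output directory: " + moduleName);
  }
  return target;
}

// Boolean wrapper, convenient for filtering a list of module names.
function isContained(outputDir, moduleName) {
  try {
    resolveInside(outputDir, moduleName);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample module names, as an unpacker might read from a bundle.
const samples = ["lib/util.js", "..\\..\\evil.js", "D:\\x.js", "..foo.js"];
for (const name of samples) {
  console.log(name, "naive:", naiveIsSafe(name), "contained:", isContained("C:\\out", name));
}
```

The check runs on the resolved path rather than on the raw string, so it does not depend on which separator the input used.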
