{"vulnerability": "CVE-2021-23406", "sightings": [{"uuid": "21aca72c-2ff1-43e2-9b03-71d8e5a0f664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23406", "type": "seen", "source": "https://t.me/cibsecurity/27756", "content": "\u203c CVE-2021-23406 \u203c\n\nThis affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T12:23:46.000000Z"}, {"uuid": "1d12de5f-a7cb-47a7-8682-701ea5eb1080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23406", "type": "seen", "source": "https://t.me/thehackernews/1508", "content": "A high-severity remote code execution vulnerability (CVE-2021-23406) has been identified in Pac-Resolver, a popular NPC package with about 3 million weekly downloads, affecting Node.js applications.\n\nRead: https://thehackernews.com/2021/09/critical-bug-reported-in-npm-package.html", "creation_timestamp": "2021-09-13T15:55:18.000000Z"}]}