JavaScript package manager npm last week addressed a vulnerability that could allow a publisher to access files on a user’s system.
The issue impacts versions of npm prior to 6.13.3 and versions of yarn prior to 1.21.1, and it could be exploited through a specially crafted entry in the package.json bin field. npm v6.13.4 addresses the vulnerability.
from SecurityWeek RSS Feed https://ift.tt/2S06UYK
via https://ifttt.com/ IFTTT
No comments:
Post a Comment