Vulnerabilities

Npm Patches Vulnerability Allowing Access to User Files

JavaScript package manager npm last week addressed a vulnerability that could allow a publisher to access files on a user’s system. The issue impacts versions of npm prior to 6.13.3 and versions of yarn prior to 1.21.1, and it could be exploited through a specially crafted entry in the package.json bin field. npm v6.13.4 addresses the vulnerability. The post Npm Patches Vulnerability Allowing Access to User Files appeared first on SecurityWeek.

f
𝕏
R

JavaScript package manager npm last week addressed a vulnerability that could allow a publisher to access files on a user’s system.

The issue impacts versions of npm prior to 6.13.3 and versions of yarn prior to 1.21.1, and it could be exploited through a specially crafted entry in the package.json bin field. npm v6.13.4 addresses the vulnerability.

Latest News

TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
T-Mobile Sets the Record Straight on Latest Data Breach Filing
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
Critical Vulnerability in Claude Code Emerges Days After Source Leak

Publisher