NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets

by
from The Register on (#4WGDJ)
Story ImageTrio of vulnerabilities made registry full of uncertain code even more of a risk

On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world's JavaScript packages into the npm registry, warned that its command line tool, the npm CLI, has a rather serious security vulnerability. Version 6.13.4 has been rushed out with a fix."

External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title The Register
Feed Link https://www.theregister.com/
Feed Copyright Copyright © 2024, Situation Publishing
Reply 0 comments