npm Updates
Warning Date: 12 August, 2020
Severity Level: High
Warning Number: 2020-1628
Target Sector: All
Description:
npm released security updates to address two vulnerabilities in the following products:
- serialize-javascript
  - Versions prior to 3.1.0
- @progress/kendo-angular-editor
  - Versions prior to 1.2.3
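An added example, not part of the advisory or of npm's own tooling: a Node.js check that scans a parsed package-lock.json for installed copies of the two packages that are older than the fixed versions listed above, including nested copies. The sample lockfile and the `build-plugin` parent package are constructed for illustration.

```javascript
// Fixed versions as stated in the advisory.
const FIXED = new Map([["serialize-javascript", "3.1.0"],
  ["@progress/kendo-angular-editor", "1.2.3"]]);

// True when `version` sorts before `fixed` (x.y.z) in semver order.
function isBefore(version, fixed) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version);
  if (!m) return true; // git/URL specifier: cannot compare, flag for manual review
  const want = fixed.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const have = Number(m[i + 1]);
    if (have !== want[i]) return have < want[i];
  }
  return m[4] !== undefined; // semver orders 3.1.0-rc.1 before 3.1.0
}

// Report every installed copy, nested ones included, from a parsed package-lock.json.
function findAffected(lock) {
  const hits = [];
  const check = (name, version, where) => {
    const fixed = FIXED.get(name);
    if (!fixed || typeof version !== "string") return;
    if (isBefore(version, fixed)) hits.push({ name, version, where, fixed });
  };
  if (lock.packages) { // lockfileVersion 2/3: keys are node_modules paths
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf("node_modules/");
      if (i !== -1) check(path.slice(i + "node_modules/".length), meta.version, path);
    }
  } else { // lockfileVersion 1: copies nest under "dependencies"
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(" > "));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (hypothetical project and parent package).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/serialize-javascript": { version: "4.0.0" },
  "node_modules/build-plugin/node_modules/serialize-javascript": { version: "2.1.2" },
  "node_modules/@progress/kendo-angular-editor": { version: "1.2.3" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

To check a real project, pass `findAffected` the result of `JSON.parse` on the project's package-lock.json; a nested hit means a parent package pins the old copy and has to be updated or overridden as well.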
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Execute arbitrary code remotely
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review the npm security advisory and apply the necessary updates: