npm Updates
1704Warning Date
Severity Level
Warning Number
Target Sector
4 March, 2021
● Medium
2021-2569
All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- fastify-reply-from
- before version 4.0.2
- pug , pug-code-gen
- 0.0.0
- 0.1.0
- 2.0.0
- 2.0.1
- 2.0.2
- 2.0.3
- 2.0.4
- 3.0.0
- 3.0.1
- fastify-http-proxy
- before version 4.3.1
- matrix-react-sdk
- before version 3.15.0
Threats:
Remote attacker could exploit these vulnerabilities by executing arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: