npm Updates
1723Warning Date
Severity Level
Warning Number
Target Sector
13 April, 2021
● Medium
2021-2745
All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- set-or-get
- version 1.0.0 through 1.2.10
- mongodb-client-encryption
- 1.2.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: