npm Updates
1590Warning Date
Severity Level
Warning Number
Target Sector
20 July, 2021
● High
2021-3223
All
Description:
npm has released security updates to address multiple vulnerabilities in the following products:
- gatsby-source-wordpress plugin
- prior to versions 4.0.8 and 5.9.2
- URL
- Before 1.19.7
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Sensitive information disclosure
- Redirect user to malicious page
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: