npm Update
1712Warning Date
Severity Level
Warning Number
Target Sector
7 January, 2021
● Medium
2021-2279
All
Description:
npm has released security update to address a vulnerability in the following product:
- URI.js
- Version 1.19.3 and earlier
Threats:
Attacker could exploit this vulnerability by doing the following:
- Server-side request forgery (SSRF)
- Allow/block list bypasses
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary update: