npm Updates
1818Warning Date
Severity Level
Warning Number
Target Sector
28 February, 2021
● High
2021-2537
All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- Node-RED
- 0.20.0 0.20.1 0.20.2 0.20.3 0.20.4 0.20.5 0.20.6 0.20.7 0.20.8 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7
- querystringify
- 0.0.0 0.0.1 0.0.2 0.0.3 0.0.4 1.0.0
- nwmatcher
- 1.2.5 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: