npm Updates
Warning Date: 2 March, 2021
Severity Level: Medium
Warning Number: 2021-2547
Target Sector: All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- @progfay/scrapbox-parser
- 1.0.0 1.0.1 1.0.2 1.1.0 1.1.1 1.1.2 1.2.0 1.3.0 1.4.0 2.0.0 2.1.0 2.1.1 2.2.0 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.5.1 2.5.2 2.5.3 2.6.0 3.0.0 3.1.0 4.0.0 4.0.1 4.0.2 4.0.3 5.0.0 5.0.1 5.0.2 5.0.3 5.0.4 6.0.0 6.0.1 7.0.0 6.0.2 7.0.1
- urijs
- 1.16.1 1.17.0 1.17.1 1.18.0 1.18.1 1.18.2 1.18.3 1.18.4 1.18.5 1.18.6 1.18.7 1.18.8 1.18.9 1.18.10 1.18.11 1.18.12 1.19.0 1.19.1 1.19.2 1.19.3 1.19.4 1.19.5
- three
- 0.54.0 0.55.0 0.56.0 0.56.1 0.56.2 0.56.3 0.56.4 0.58.1 0.58.2 0.58.3 0.58.4 0.58.5 0.58.6 0.56.7 0.58.7 0.58.8 0.58.9 0.58.10 0.66.0 0.66.1 0.66.2 0.67.0 0.68.0 0.66.3 0.66.4 0.66.5 0.66.6 0.66.7 0.66.8 0.66.9 0.66.10 0.66.11 0.66.12 0.66.13 0.66.14 0.66.15 0.66.16 0.66.17 0.66.18 0.66.19 0.69.0 0.66.20 0.66.21 0.66.22 0.66.23 0.66.24 0.66.25 0.66.26 0.66.27 0.66.28 0.66.29 0.66.30 0.66.31 0.66.35 0.66.36 0.66.37 0.66.38 0.66.39 0.66.40 0.70.0 0.66.41 0.66.42 0.66.43 0.66.45 0.66.46 0.66.47 0.66.48 0.66.49 0.66.50 0.66.51 0.66.52 0.66.53 0.66.54 0.66.55 0.66.56 0.66.57 0.66.58 0.66.59 0.66.60 0.66.61 0.66.62 0.66.63 0.71.0 0.70.1 0.66.64 0.66.65 0.66.66 0.66.67 0.66.68 0.66.69 0.66.70 0.66.71 0.66.72 0.66.73 0.66.74 0.66.75 0.66.76 0.66.77 0.66.78 0.66.79 0.66.80 0.66.81 0.66.83 0.66.84 0.66.85 0.68.86 0.66.86 0.71.1 0.72.0 0.68.87 0.66.87 0.66.82 0.73.0 0.66.88 0.66.89 0.66.90 0.66.91 0.66.92 0.66.93 0.66.94 0.66.95 0.66.96 0.66.97 0.73.1 0.73.3 0.73.2 0.74.0 0.75.0 0.76.1 0.77.0 0.77.1 0.78.0 0.79.0 0.80.0 0.80.1 0.81.0 0.81.1 0.81.2 0.82.0 0.82.1 0.83.0 0.84.0 0.85.0 0.85.1 0.85.2 0.86.0 0.87.0 0.87.1 0.88.0 0.89.0 0.90.0 0.91.0 0.92.0 0.93.0 0.94.0 0.95.0 0.96.0 0.97.0 0.98.0 0.99.0 0.100.0 0.101.0 0.101.1 0.102.0 0.102.1 0.103.0 0.104.0 0.105.0 0.105.1 0.105.2 0.106.0 0.106.1 0.106.2 0.107.0 0.108.0 0.109.0 0.110.0 0.111.0 0.112.0 0.112.1 0.113.0 0.113.1 0.113.2 0.114.0 0.115.0 0.116.0 0.116.1 0.117.0 0.117.1 0.118.0 0.118.1 0.118.2 0.118.3 0.119.0 0.119.1 0.120.0 0.120.1 0.121.0 0.121.1 0.122.0 0.123.0 0.124.0
- prismjs
- 0.0.1 1.1.0 1.2.0 1.3.0 1.4.1 1.5.0 1.5.1 1.6.0 1.7.0 1.8.0 1.8.1 1.8.3 1.8.4 1.9.0 1.10.0 1.11.0 1.12.0 1.12.2 1.13.0 1.14.0 1.15.0 1.16.0 1.17.0 1.17.1 1.18.0 1.19.0 1.20.0 1.21.0 1.22.0
- docsify
- 0.0.1 0.0.2 0.0.3 0.0.4 0.0.5 0.1.0 0.2.0 0.2.1 0.3.0 0.3.1 0.4.0 0.4.1 0.4.2 0.5.0 0.6.0 0.6.1 0.7.0 1.0.0 1.0.1 1.0.2 1.0.3 1.1.0 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.6 1.1.7 1.2.0 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.4.0 1.4.1 1.4.2 1.4.3 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.7.0 1.7.1 1.7.2 1.7.3 1.7.4 1.8.0 1.9.0 1.10.0 1.10.1 1.10.2 1.10.3 1.10.4 1.10.5 2.0.0 2.0.1 2.0.2 2.0.3 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.4.3 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.1.0 3.1.1 3.1.2 3.2.0 3.3.0 3.4.0 3.4.1 3.4.2 3.4.3 3.4.4 3.5.0 3.5.1 3.5.2 3.6.0 3.6.1 3.6.2 3.6.3 3.6.4 3.6.5 3.6.6 3.7.0 3.7.1 3.7.2 3.7.3 4.0.0 4.0.1 4.0.2 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.1.8 4.1.9 4.1.10 4.1.11 4.1.12 4.1.13 4.1.14 4.2.0 4.2.1 4.2.2 4.2.3 4.2.4 4.2.6 4.2.7 4.2.8 4.2.9 4.3.0 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.3.7 4.3.8 4.3.9 4.3.10 4.3.11 4.3.12 4.3.13 4.3.14 4.3.15 4.4.0 4.4.1 4.5.0 4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.5.6 4.5.7 4.5.8 4.5.9 4.6.0 4.6.1 4.6.2 4.6.3 4.6.4 4.6.5 4.6.6 4.6.7 4.6.8 4.6.9 4.6.10 4.7.0 4.7.1 4.8.0 4.8.1 4.8.2 4.8.3 4.8.4 4.8.5 4.8.6 4.9.0 4.9.1 4.9.2 4.9.4 4.10.0 4.10.2 4.11.0 4.11.1 4.11.2 4.11.3 4.11.4 4.11.5 4.11.6
- rendertron
- 1.0.0 1.0.1 1.1.0 1.1.1 2.0.0 2.0.1
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Server-side request forgery (SSRF)
- Spoofing attack
Best practice and Recommendations:
The CERT team encourages users to review the npm security advisory and apply the necessary updates: