The official site for Saudi CERT
npm Alert
1814
Warning Date
Severity Level
Warning Number
Target Sector
13 February, 2022
● Critical
2022-4375
All
npm has released security updates to address several vulnerabilities in the following products:
- superjson
- engine.io
- Yarn
- js-data
- ua-parser-js
- mout
- push-dir
- systeminformation
- djvalidator
- jsen
- kill-port-process
- pathval
- safetydance
- Handlebars
- Express-handlebars
- strong-nginx-controller
- jscover
- @rkesters/gnuplot
- karma-mojo
- op-browser
- effect
- node-key-sender
- git-add-remote
- install-package
- git-parse
- mixme
- fastify-multipart
Attacker could exploit these vulnerabilities by doing the following:
- Path traversal attack
- Remote Code Execution
- Denial of service attack (DoS)
- Code injection
The CERT team encourages users to review npm security advisory and apply the necessary updates:
- https://github.com/advisories/GHSA-5888-ffcr-r425
- https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
- https://github.com/advisories/GHSA-j4f2-536g-r55m
- https://github.com/advisories/GHSA-j9cf-pr2x-5273
- https://github.com/advisories/GHSA-332q-7ff2-57h2
- https://github.com/advisories/GHSA-h87q-g2wp-47pj
- https://github.com/advisories/GHSA-8mfc-v7wv-p62g
- https://github.com/advisories/GHSA-mqgv-67vx-g4m5
- https://github.com/advisories/GHSA-394c-5j6w-4xmx
- https://github.com/advisories/GHSA-pc58-wgmc-hfjr
- https://github.com/advisories/GHSA-hjxc-462x-x77j
- https://github.com/advisories/GHSA-926x-m6m5-3mmp
- https://github.com/advisories/GHSA-8j36-q8x7-pm6q
- https://github.com/advisories/GHSA-v6wh-2wvh-c8x5
- https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
- https://github.com/advisories/GHSA-vm64-cfqx-3698
- https://github.com/advisories/GHSA-f246-xrrj-g8j6
- https://github.com/advisories/GHSA-xp4x-j9vh-c3wf
- https://github.com/advisories/GHSA-g6ww-v8xp-vmwg
- https://github.com/advisories/GHSA-6m85-wvcr-pgw3
- https://github.com/advisories/GHSA-p5ch-w78f-xh44
- https://github.com/advisories/GHSA-3cqr-58rm-57f8
- https://github.com/advisories/GHSA-62gr-4qp9-h98f
- https://github.com/advisories/GHSA-4jwp-vfvf-657p
- https://github.com/advisories/GHSA-v88g-cgmw-v5xw
- https://github.com/advisories/GHSA-h236-g5gh-vq6c
- https://github.com/advisories/GHSA-c6rq-rjc2-86v2
- https://github.com/advisories/GHSA-fr76-2wp8-fp92
- https://github.com/advisories/GHSA-4v9w-pvwr-38h3
- https://github.com/advisories/GHSA-c5hm-xc74-pqrg
- https://github.com/advisories/GHSA-f2jw-pr2c-9x96
- https://github.com/advisories/GHSA-m6j2-v3gq-45r5
- https://github.com/advisories/GHSA-pf8j-vhg8-xmc3
- https://github.com/advisories/GHSA-3hq6-rmv7-39vh
- https://github.com/advisories/GHSA-6hr9-4692-fch9
- https://github.com/advisories/GHSA-4xrw-wvmq-8jmh
- https://github.com/advisories/GHSA-pfr3-87q3-65rc
- https://github.com/advisories/GHSA-cg57-p69r-3m7p
- https://github.com/advisories/GHSA-r773-pmw3-f4mr
- https://github.com/advisories/GHSA-h9v8-rm3m-5h5f
- https://github.com/advisories/GHSA-6m4r-m3gc-h4r5
- https://github.com/advisories/GHSA-m744-2jj8-vpfv
- https://github.com/advisories/GHSA-765h-qjxv-5f44
- https://github.com/advisories/GHSA-r5cq-9537-9rpf
- https://github.com/advisories/GHSA-qh73-qc3p-rjv2
Rate the content
Share the page
