npm Alert
1876Warning Date
Severity Level
Warning Number
Target Sector
9 January, 2022
● Medium
2022-4178
All
npm has released security updates to address multiple vulnerabilities in the following products:
- scratch-svg-renderer
- <= 0.2.0
- node-forge
- < 1.0.0
- < 0.10.0
- @soketi/soketi
- < 0.24.1
Attacker could exploit this vulnerability by doing the following:
- Denial of service attack (DoS)
- Arbitrary code execution
The CERT team encourages users to review npm security advisory and apply the necessary updates: