npm Alert
Warning Date: 10 February, 2022
Severity Level: High
Warning Number: 2022-4366
Target Sector: All
npm has released security updates to address several vulnerabilities in the following products:
- engine.io < 4.0.0
- yarn <= 1.21.1
- ua-parser-js < 0.7.23
- mout < 1.2.3
- push-dir <= 0.4.1
- systeminformation <= 1.1.1
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Denial of service attack (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the npm security advisories:
- https://github.com/advisories/GHSA-8mfc-v7wv-p62g
- https://github.com/advisories/GHSA-394c-5j6w-4xmx
- https://github.com/advisories/GHSA-pc58-wgmc-hfjr
- https://github.com/advisories/GHSA-926x-m6m5-3mmp
- https://github.com/advisories/GHSA-8j36-q8x7-pm6q
- https://github.com/advisories/GHSA-v6wh-2wvh-c8x5
- https://github.com/advisories/GHSA-j4f2-536g-r55m
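To find out whether a project pins any of the affected versions listed above, the following added example (not part of the original alert) scans a parsed package-lock.json in the v2/v3 "packages" layout. The version ranges are copied from the product list; the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges copied from the alert's product list.
const AFFECTED = {
  "engine.io": ["<", "4.0.0"],
  "yarn": ["<=", "1.21.1"],
  "ua-parser-js": ["<", "0.7.23"],
  "mout": ["<", "1.2.3"],
  "push-dir": ["<=", "0.4.1"],
  "systeminformation": ["<=", "1.1.1"],
};

// Compare the numeric x.y.z cores of two versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const core = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const pa = core(a), pb = core(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Simplification: a prerelease such as 4.0.0-beta is compared as 4.0.0.
// Non-semver entries (git URLs, tarballs) are skipped rather than guessed at.
function isAffected(name, version) {
  const rule = AFFECTED[name];
  if (!rule || !/^\d+\.\d+\.\d+/.test(String(version))) return false;
  const c = compareVersions(version, rule[1]);
  return rule[0] === "<" ? c < 0 : c <= 0;
}

// Accepts a parsed package-lock.json with a lockfileVersion 2/3 "packages" map.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the package name follows the last prefix.
    const name = meta.name || path.split("node_modules/").pop();
    if (isAffected(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/engine.io": { version: "3.5.0" },
  "node_modules/ua-parser-js": { version: "0.7.23" },
  "node_modules/socket/node_modules/mout": { version: "1.2.2" },
}};
console.log(findAffected(SAMPLE_LOCK));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected` and upgrade every package it reports.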