npm Update
1783Warning Date
Severity Level
Warning Number
Target Sector
2 December, 2021
● Medium
2021-3968
All
Description:
npm has released a security update to address a vulnerability in the following product:
- hexo
- >= 0.0.1, <= 5.4.0
Threats:
Attacker could exploit this vulnerability by triggering Cross-site scripting (XSS) attack.
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary update: