npm Updates
1564Warning Date
Severity Level
Warning Number
Target Sector
21 October, 2021
● High
2021-3717
All
Description:
npm has released security updates to address multiple vulnerabilities in the following products:
- backstage/plugin-scaffolder-backend
- >= 0.9.4
- < 0.15.9
- vm2
- < 3.9.4
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Path traversal attack
- Arbitrary code execution
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: