npm Updates
Warning Date: 7 October, 2021
Severity Level: Medium
Warning Number: 2021-3631
Target Sector: All
Description:
npm has released security updates to address multiple vulnerabilities in the following products:
- strapi: <= 3.6.0
- mongo-express: <= 0.54.0
- froala-editor: <= 3.2.6
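To check whether a project installs any of the versions listed above, the lockfile can be scanned directly. This is an added example, not part of the advisory or of npm's own tooling; `findAffected`, `isAffected` and the sample lockfile are constructed for illustration, and it flags only the ranges given here because the advisory does not name fixed versions.

```javascript
// Thresholds are the "<=" versions listed in this advisory.
const AFFECTED = new Map([['strapi', '3.6.0'], ['mongo-express', '0.54.0'],
  ['froala-editor', '3.2.6']]);

// Numeric major.minor.patch only. Dropping prerelease tags is safe for a "<="
// test: 3.6.0-beta.1 sorts below 3.6.0, and 3.6.1-rc.0 has a higher core.
function core(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m ? m.slice(1).map(Number) : null; // null for git/file/URL specs
}

function isAffected(name, version) {
  const limit = AFFECTED.has(name) ? core(AFFECTED.get(name)) : null;
  const have = core(version);
  if (!limit || !have) return false;
  for (let i = 0; i < 3; i++) if (have[i] !== limit[i]) return have[i] < limit[i];
  return true; // exactly the listed version
}

// Takes a parsed package-lock.json, returns every affected install (hypothetical helper).
function findAffected(lock) {
  const hits = [];
  const check = (name, version, where) =>
    isAffected(name, version) && hits.push({ name, version, where });
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      if (i !== -1) check(meta.name || path.slice(i + 13), meta.version, path);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        check(name, meta.version, where);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile, not taken from the advisory.
const sampleLock = { lockfileVersion: 2, packages: {
  'node_modules/strapi': { version: '3.5.4' },
  'node_modules/mongo-express': { version: '1.0.0' },
  'node_modules/cms/node_modules/froala-editor': { version: '3.2.6' },
} };
console.log(findAffected(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffected`; transitive copies nested under other packages are reported with their install path.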
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Change user's password
Best practice and Recommendations:
The CERT team encourages users to review the npm security advisory and apply the necessary updates: