npm Updates
1759Warning Date
Severity Level
Warning Number
Target Sector
25 May, 2021
● High
2021-2951
All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- browserslist
- from 4.0.0 and before 4.16.5
- xmlhttprequest-ssl package
- before 1.6.1
- dns-packet
- before 5.2.2.
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Bypass of a protection mechanism
- Unauthorized disclosure of information
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: