npm Updates
1930Warning Date
Severity Level
Warning Number
Target Sector
9 March, 2021
● Medium
2021-2584
All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- botframework-connector
- elliptic
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Authentication bypass
- Sensitive information disclosure
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: