npm Updates
1684Warning Date
Severity Level
Warning Number
Target Sector
5 May, 2021
● High
2021-2871
All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- redis
- oauth2-server
- exiftool-vendored
- xmlhttprequest-ssl
- merge
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Code injection
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review npm security advisory and apply the necessary updates: