npm Updates
Warning Date: 18 May, 2021
Severity Level: High
Warning Number: 2021-2929
Target Sector: All
Description:
npm has released security updates to address several vulnerabilities in the following products:
- websocket-extensions
- fastify-csrf
- jspdf
- devcert
- rollup-plugin-serve
- react-native-fast-image
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Code injection
- Cross-site scripting (XSS)
- Path traversal attack
Best practice and Recommendations:
The CERT team encourages users to review the npm security advisories and apply the necessary updates: