Security News > 2019 > December > NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets
2019-12-13 02:05
Trio of vulnerabilities made registry full of uncertain code even more of a risk On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world's JavaScript packages into the npm registry, warned that its command line tool, the npm CLI, has a rather serious security vulnerability. Version 6.13.4 has been rushed out with a fix.…
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/13/npm_path_traversal_bug/
Related news
- Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner (source)
- New fake Ledger data breach emails try to steal crypto wallets (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)