Security News > 2019 > December > Npm Patches Vulnerability Allowing Access to User Files
2019-12-16 16:52
JavaScript package manager npm last week addressed a vulnerability that could allow a publisher to access files on a user’s system. The issue impacts versions of npm prior to 6.13.3 and versions of yarn prior to 1.21.1, and it could be exploited through a specially crafted entry in the package.json bin field. npm v6.13.4 addresses the vulnerability. read more