NPM package with 3 million weekly downloads had a severe vulnerability


Popular NPM package "pac-resolver" has fixed a critical remote code execution (RCE) flaw.

The pac-resolver package receives over three million weekly downloads, extending this vulnerability to Node.js packages that rely on the open source dependency. Pac-resolver touts itself as a module that accepts JavaScript proxy configuration files and generates a function for your app to map certain domains to use a proxy.

To proxy or not to proxy

This week, developer Tim Perry disclosed a high-severity flaw in pac-resolver that may allow threat actors on the local network to run arbitrary code inside your Node.js process whenever it attempts to make an HTTP request.
