Vulnerability Allowing an Update to Be Released for any Package in the NPM Repository
GitHub has disclosed two incidents in the NPM package repository infrastructure. On November 2, third-party security researchers Kajetan Grzybowski and Maciej Piechota, as part of the Bug Bounty program, announced a vulnerability in the NPM repository that allows you to publish a new version of any package using your account, which is not authorized to perform such updates.
The post Vulnerability Allowing an Update to Be Released for any Package in the NPM Repository appeared first on Linux Today.
Source: Linux Today