GitHub has published details on seven Node.js vulnerabilities, warning that exploiting them could lead to code execution.
“These vulnerabilities may result in arbitrary code execution due to file overwrite and creation when tar is used to extract untrusted tar files or when the npm CLI is used to install untrusted npm packages under certain file system conditions,” GitHub said in an advisory.
Four of the reported security flaws affect the npm CLI and could lead to code execution when a malicious or untrusted npm package is installed, even when the `--ignore-scripts` parameter is used.
To Read More: securityweek