NPM package with 3 million weekly downloads had a severe vulnerability

Contributor
September 2, 2021
Uncategorized

over 3 million weekly downloads, extending this vulnerability to Node.js applications relying on the open source dependency. Pac-resolver touts itself as a module that accepts JavaScript proxy configuration files and generates a function for your app to map certain domains to use a proxy.

To proxy or not to proxy

This week, developer Tim Perry disclosed a high-severity flaw in pac-resolver that can enable threat actors on the local network to run arbitrary code within your Node.js process whenever it attempts to make an HTTP request.

Read 15 remaining paragraphs | Comments

Synergy Unleashed: the Dynamic Collaboration of SUSE and …
SUSE GUEST BLOG AUTHORED BY: Colin Griffin, Founder and CEO at Krumware The cloud-native landscape has forever... The post Synergy Unleashed: the Dynamic Collaboration of SUSE and … appeared first on LinuxPunx.
SUSE Academic Training Programme
Empowering Universities with SUSE Academic Training Programme Universities play a vital role in shaping the future... The post SUSE Academic Training Programme appeared first on LinuxPunx.

To proxy or not to proxy

Related Posts

Pakistan shut down the internet – but that didn’t stop the protests

Passkeys may not be for you, but they are safe and easy—here’s why

The Download: open vs closed AI, and Google’s uneasy demo

Discover more from WHO WILL CARE eCommerce