Node.js released Security Update 6.13.4

Alex Alex 18 December 2019
Node.js released Security Update 6.13.4

A new Security Update for the Node.js Framework was published. It security closes the gaps on the sides of the package Manager npm, as well as yarn and pnpm serious weak diagnosed make.

The Node.js Update includes the updated package Manager npm with Version 6.13.4, which is the a recently discovered security vulnerability place closes. This arose because of the Overwriting of files to Define the binary files by using the package.json was possible.

Prone to this Binary Planting or Arbitrary File Overwriting also yarn and pnpm were in addition to npm. In this way it was attackers are able to place malicious Code and run. The Node.js Foundation responds with Security Updates on these issues, which relate to all Release branches.

As the npm Team tells, scanned the Registry for possible attacks. Although no hazards were found, there is no guarantee, however, that there are no files, or was, the have exploited the weak point. This is due to the fact that, for example, private Registries or Git Repositories can't be scanned. It is recommended, therefore, both sides of the node.js Foundation of npm urgently to install the Update.

With npm v6.13.4, inter alia, the package will be.jason Parsing Library updated. Updates for yarn (Version 1.21.1) and pnpm (Version 4.5.0) are also available.

All information and to Download the new Security Update can be found on the official websites of node.js or npm to.

the
the
the
the
the

Source: entwickler.de

Comments (0)

    No comments yet

You must be logged in to comment.