A new security update for the Node.js framework has been published. It closes security gaps in the package manager npm; serious weaknesses were also diagnosed in yarn and pnpm.
The Node.js update includes the updated package manager npm in version 6.13.4, which closes a recently discovered security vulnerability. The vulnerability arose because it was possible to overwrite files through the definition of binary files in package.json.
In addition to npm, yarn and pnpm were also susceptible to this binary planting or arbitrary file overwriting. This allowed attackers to place and run malicious code. The Node.js Foundation is responding to these issues with security updates that cover all release branches.
According to the npm team, the registry was scanned for possible attacks. Although no threats were found, there is no guarantee that there are, or were, no files that exploited the weakness. This is because private registries or Git repositories, for example, cannot be scanned. Both the Node.js Foundation and npm therefore urgently recommend installing the update.
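For sources the registry scan cannot cover, such as private registries or Git repositories, manifests can be checked locally. The following is an added example, not code from npm, yarn, pnpm or the Node.js project: it flags "bin" entries in parsed package.json objects whose command name or target path points outside the expected directory. The two rules and the sample manifests are assumptions constructed for illustration, not the logic of the actual patches.

```javascript
// Added example: flag package.json "bin" entries that leave their expected directories.
// Heuristic only; both rules are assumptions, not the npm/yarn/pnpm patch logic.

// True if a path is absolute or, walked segment by segment, climbs above its start.
function escapesRoot(p) {
  const s = String(p).replace(/\\/g, '/');
  if (s.startsWith('/') || /^[A-Za-z]:/.test(s)) return true;
  let depth = 0;
  for (const seg of s.split('/')) {
    if (seg === '' || seg === '.') continue;
    depth += seg === '..' ? -1 : 1;
    if (depth < 0) return true;
  }
  return false;
}

// "bin" may be a string (one command named after the package) or a name -> file map.
function binEntries(pkg) {
  if (typeof pkg.bin === 'string') {
    return [[String(pkg.name || '').replace(/^@[^/]+\//, ''), pkg.bin]];
  }
  return pkg.bin && typeof pkg.bin === 'object' ? Object.entries(pkg.bin) : [];
}

// Return the findings for one parsed package.json object.
function auditBin(pkg) {
  const findings = [];
  for (const [name, target] of binEntries(pkg)) {
    if (name === '' || name === '.' || name === '..' || /[\\/]/.test(name)) {
      findings.push({ pkg: pkg.name, name, reason: 'command name is not a plain file name' });
    }
    if (typeof target !== 'string' || escapesRoot(target)) {
      findings.push({ pkg: pkg.name, name, reason: 'target is outside the package directory' });
    }
  }
  return findings;
}

// Constructed sample manifests (not real packages).
const SAMPLES = [
  { name: 'ok-tool', bin: { 'ok-tool': './cli.js' } },
  { name: '@scope/single', bin: 'bin/run.js' },
  { name: 'odd-name', bin: { '../../outside': './cli.js' } },
  { name: 'odd-target', bin: { helper: 'lib/../../other/file' } },
];

function auditAll(manifests) {
  return manifests.flatMap(auditBin);
}

console.log(auditAll(SAMPLES));
```

A finding is a prompt for manual review of that package, and an empty result does not replace installing the update.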