Critical Bug Reported in NPM Package With Millions of Downloads Weekly

A widely used NPM package called ‘Pac-Resolver’ for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw, tracked as CVE-2021-23406, has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Pac-Resolver versions before 5.0.0.

Read full article on The Hacker News