NPM package with 3 million weekly downloads had a severe vulnerability
Ax Sharma, Ars Technica
Popular NPM package "pac-resolver" has fixed a severe remote code execution (RCE) flaw.
To proxy or not to proxy
This week, developer Tim Perry disclosed a high-severity flaw in pac-resolver that can enable threat actors on the local network to run arbitrary code within your Node.js process whenever it attempts to make an HTTP request.