and another related one:
www.cve.org/CVERecord?id...
This is on all versions v2.4.11 and below of the npmjs.com/sha.js package.
NOTE: this applies to all node and browser versions; please upgrade to v2.4.12 or later!
Harborist has published a new CVE:
www.cve.org/CVERecord?id...
This is on all versions v1.0.4 and below of the npmjs.com/cipher-base package.
NOTE: this applies to all node and browser versions; please upgrade to v1.0.6 or later!
Harborist has published a new CVE:
www.cve.org/cverecord?id...
This is on all versions of the npmjs.com/form-data package, on all node versions. Please note: node 18+ and all modern browsers (caniuse.com?search=formd...) have FormData built in - please consider migrating to it!
Harborist has just published its first two CVEs:
www.cve.org/CVERecord?id...
www.cve.org/CVERecord?id...
Both are on npmjs.com/pbkdf2, please update to v3.1.3!
To clarify, the Harborist CNA's current scope covers projects maintained by @jordan.har.band which are listed here: npmjs.com/~ljharb
New CVE Program Partner
Harborist is now a CVE Numbering Authority (CNA) assigning CVE IDs for all projects listed under www.npmjs.com/~ljharb
cve.org/Media/News/i...
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity