Versions of the popular NPM package name ua-parser-js has published a security advisory, highlighting vulnerabilities in multiple versions listed below on the 22nd of October 2021. It is recommended that you take the necessary precautions by ensuring your products are always updated.
ua-parser-js – version 0.7.29
ua-parser-js – version 1.0.0
ua-parser-js version 0.8.0
For more information on these NPM packages, you can follow this URL:
https://www.npmjs.com/package/ua-parser-js
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
PDF Download: A Vulnerability in an NPM Package Could Allow for Remote Code Execution.pdf
References
A vulnerability in an NPM Package could allow for remote code execution (22nd October 2021). Retrieved from Cybersecurity & Infrastructure Security Agency.
A vulnerability in an NPM Package could allow for remote code execution (22nd October 2021). Retrieved from Centre for Internet Security.