Vulnerability that allowed an update to be released for any package in the NPM repository
GitHub has disclosed two incidents in its NPM package repository infrastructure. On November 2, third-party security researchers (Kajetan Grzybowski and Maciej Piechota) reported, as part of the Bug Bounty program, a vulnerability in the NPM repository that made it possible to publish a new version of any package from one's own account, even though that account was not authorized to perform such updates. The vulnerability was caused by […]