The 6.13.4 update of NPM, the package manager bundled with Node.js and used to distribute JavaScript modules, fixes three vulnerabilities (, and ) that allow arbitrary system files to be modified or overwritten when a maliciously crafted package is installed. As a workaround, install with the "--ignore-scripts" option, which disables execution of the handler scripts built into packages. The NPM developers analyzed the packages in the repository and found no evidence that the identified vulnerabilities had been used in attacks.
CVE-2019-16777: in releases before 6.13.4, this allows system executables to be overwritten during a global package installation. Only files in the target directory where executables are installed (usually /usr/local/bin) can be overwritten.
The other two vulnerabilities appear in releases before 6.13.3 and allow an arbitrary file to be written, either by creating a symbolic link to files outside the modules directory (node_modules) or by manipulating the bin field in package.json (paths containing "/../" were accepted in the bin field).
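A defender-side check for the bin-field issue described above, as an added example that is not npm's own code: it flags bin entries in a package.json whose command name or script path resolves outside its directory. The directories /pkgroot and /bindir, the function names and the sample manifests are assumptions constructed for illustration.

```javascript
const path = require('path');

// "bin" is either a string (command named after the package) or an
// object mapping command name -> script path. Normalise to pairs.
function binEntries(pkg) {
  if (typeof pkg.bin === 'string') return [[pkg.name, pkg.bin]];
  if (pkg.bin && typeof pkg.bin === 'object') return Object.entries(pkg.bin);
  return [];
}

// True when `candidate`, resolved against `root`, stays strictly inside `root`.
function staysInside(root, candidate) {
  const rel = path.posix.relative(root, path.posix.resolve(root, candidate));
  return rel !== '' && rel !== '..' && !rel.startsWith('../');
}

// pkgRoot and binDir are placeholder directories used only for path
// arithmetic; nothing is read from or written to disk.
function auditBin(pkg, pkgRoot = '/pkgroot', binDir = '/bindir') {
  const findings = [];
  for (const [name, target] of binEntries(pkg)) {
    if (typeof name !== 'string' || typeof target !== 'string') {
      findings.push({ name, target, reason: 'non-string bin entry' });
      continue;
    }
    if (!staysInside(binDir, name))
      findings.push({ name, target, reason: 'command name escapes bin directory' });
    if (!staysInside(pkgRoot, target))
      findings.push({ name, target, reason: 'script path escapes package directory' });
  }
  return findings;
}

// Constructed sample manifests (not real packages).
const benign = { name: 'tool', bin: { tool: './cli.js' } };
const suspicious = {
  name: 'demo',
  bin: { ok: 'lib/../../outside.js', '../../up': 'cli.js' },
};
console.log(auditBin(benign));     // no findings
console.log(auditBin(suspicious)); // one finding per entry
```

Run it over the package.json of each dependency before installation; a non-empty result means the manifest should be reviewed by hand.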