Tag: NPM

Prototype Pollution high vulnerability in ‘mixme’ NPM package

Prototype Pollution high vulnerability in ‘mixme’ NPM package

TL;DR Learn about JavaScript Prototypes Learn about Prototype Pollution Introducing the Prototype Pollution vulnerability that OP Innovate discovered on mixme. Mitigation & helpful tools and utilities. https://nvd.nist.gov/vuln/detail/CVE-2021-28860 ; https://nvd.nist.gov/vuln/detail/CVE-2021-29491 https://www.npmjs.com/advisories/1668 NPM (Node Package Manager) is a gigantic software registry that contains hundreds of thousands of open source Node.js projects in the form of packages. As

Read More
DLL Injection Attack in Kerberos NPM package

DLL Injection Attack in Kerberos NPM package

Written by: Dan Shallom, Cyber-security expert at OP Innovate.  TL;DR There is a need for awareness of the potential risks of using open-source code Introducing the DLL preloading vulnerability we discovered on Kerberos. Mitigation & helpful tools and utilities. https://www.npmjs.com/advisories/1514 The CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-13110  For those who are not familiar with NPM (Node Package Manager), it is

Read More
Under Cyber Attack? Click Here