NPM package with 3 million weekly downloads had a severe vulnerability

Ars Technica
By Ax SharmaSep 2, 2021, 10:20 am143 pts
Enlarge (credit: Getty Images) Popular NPM package "pac-resolver" has fixed a severe remote code execution (RCE) flaw. The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js applications relying on the open source dependency. Pac-resolver touts itself as a…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

How Seriously Should We Take The Threat of Mirror Life?

Gizmodo

How Seriously Should We Take The Threat of Mirror Life? 128

The Ebike Accessories You Need to Help You Haul the Most Stuff

Wired

The Ebike Accessories You Need to Help You Haul the Most Stuff 128

The next generation of AI won’t be powered by better models alone

The Next Web

The next generation of AI won’t be powered by better models alone 126

Prosecutors used ChatGPT logs as evidence in the Palisades fire trial

The Verge

Prosecutors used ChatGPT logs as evidence in the Palisades fire trial 125

Apple's touchscreen MacBook reportedly won't wait for the M7 chips

Engadget

Apple's touchscreen MacBook reportedly won't wait for the M7 chips 121

The ‘Five Nights at Freddy’s 3’ Movie Finally Gets a Writer

Gizmodo

The ‘Five Nights at Freddy’s 3’ Movie Finally Gets a Writer 119

How to watch South Africa vs Canada: Free Streams, TV Channels & Kick-Off time as FIFA World Cup 2026 co-hosts start knockout phase

TechRadar

How to watch South Africa vs Canada: Free Streams, TV Channels & Kick-Off time as FIFA World Cup 2026 co-hosts start knockout phase 113

How to watch 2026 FIFA World Cup in Bangladesh: free live streams, BTV, Toffee

TechRadar

How to watch 2026 FIFA World Cup in Bangladesh: free live streams, BTV, Toffee 110

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

Megapod is the modular AI data center…

Megapod is the modular AI data center kit that Elon Musk's Tesla wants to sell…

Nvidia-backed Firmus will build a 360MW…

Nvidia-backed Firmus will build a 360MW AI data centre in Indonesia and expects…

Missed Prime Day? Best Buy's rival sale…

Missed Prime Day? Best Buy's rival sale is still live, and I'm rounding up the…

SpaceX could be planning to offer a…

SpaceX could be planning to offer a Starlink mobile network for consumers,…

The BIS warns an AI bust could hit…

The BIS warns an AI bust could hit credit markets as hard as the 2008 financial…

Auto repair is one of the least…

Auto repair is one of the least digitised industries in America. AI is changing…

Google is rationing Gemini access to…

Google is rationing Gemini access to Meta because it cannot provide enough…

China’s Loongson launches homegrown…

China’s Loongson launches homegrown 16-core server CPU built on LoongArch…

AI coding agents can be tricked into…

AI coding agents can be tricked into installing malware via 'clean' GitHub…

PlayStation is removing over 500 movies…

PlayStation is removing over 500 movies from UK customers' accounts with no…