SHEIN: RCE via npm misconfig -- installing internal libraries from the public registry
The following Node package has been installed on at least one SHEIN-owned build/development server directly from the public npm registry: https://www.npmjs.com/package/shineout-mobile. This package should normally be downloaded from the internal SHEIN registry, but a misconfiguration appears to ha...
Security update for htmldoc (important)
openSUSE Security Update: Security update for htmldoc; Announcement ID: openSUSE-SU-2021:0882-1; Rating: important; References: 1184424; Cross-References: CVE-2021-20308; CVSS scores: CVE-2021-20308 NVD: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVE-2021-20308 SUSE: 3.3...
Uber: RCE via npm misconfig -- installing internal libraries from the public registry
The hacker spotted some orphaned references to Uber-branded Node.js library packages and claimed them on the public NPM registry to run their own proof-of-concept code. Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies...