#nodejs

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

### Impact The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. ### Patches Invalid push notification payload is caught and an logged. ### Workarounds n/a ### References - https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993 - https://github.com/parse-community/parse-server-push-adapter/pull/217

GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field.

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. "The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion,

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke

Turkorat-poisoned packages sat in the npm development library for months, researchers say.

By Owais Sultan A joint advisory from the National Cyber Security Centre has detailed how the UK and its allies have cracked Snake, a Russian malware used by the FSB. This is a post from HackRead.com Read the original post: FBI, GCHQ Unite To Foil Russian Malware Hacking Tool

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32205: The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. * CVE-2023-32206: The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have ...

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32205: The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. * CVE-2023-32206: The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led ...