A very popular NPM package called ‘pac-resolver’ for the JavaScript programming language has been fixed to address a remote code execution flaw that could affect a lot of Node.js applications. The flaw in the pac-resolver dependency was found by developer Tim Perry who notes it could have allowed an attacker on a local network to remotely run malicious code inside a Node.js process whenever an operator tried to send an HTTP request.
Read full article on ZDNet