Are there copies that don't require a logon? Are you using UA-Parse-JS, directly or indirectly?
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Support, DUNNIT SYSTEMS LTD. <supp...@dunnitsys.com> Sent: Sunday, October 24, 2021 6:40 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Asking for a friend - reported NPM/node.js vulnerabilities I know very little about the technical side of anything Java. Those of you who are wiser, could be please look at these 2 articles and help the rest of us to understand how and where - if at all - this poses risks on the z/OS machine side, as well as on the platforms connected to z/OS and to our non-MF work environments in general (mine is Win10). Thanks. https://secure-web.cisco.com/1zlOqtW_sg5snAIdl-fklv-oNgBvO8lzPkMedyduyMdFRE_sj4fRS70CRQEf9TBaubNRedbb8vED6GbgA3iUhY9vyEWI5MrLbSdFKaNnsW9u6ZbhP7tPz_yedvo6rdX6iYHFnm0DDqcrkKA66uqMrDlUOYS-mivp8lrJorKSdQeOyXBii1aAl5HrV5BlbeMb3TjZAkRAnLPnIT6QOVLIhy2kT2dt4jIC43Jiq_TXwj-L-iZlmb6Fwm-4N46_x0_VF90ooMBSlNIL8p6--zB_fndOdwt_55d5BqkEB-FGRpzoHIPNjv4Sj04WuW4deEw1sA-yY7Gb9o0LrE26nsz7bfM4ozQLp2fM18xRMYyYjCcYRO6QJJ3VV85VGsVT3wQSHhKH6WH3b2R-j4QBP0M89hDPOXM8YmC6vHB18M8Ur4RUlisus3IA-PQ1I49B5R3DA2tXKiR1bOn25USjlR9HAYA/https%3A%2F%2Fwww.reddit.com%2Fr%2Fprogramming%2Fcomments%2Fqdlela%2Fbreaking_npm_package_uaparserjs_with_more_than_7m%2F https://secure-web.cisco.com/1hGtbwjX0w7zZ0z3CA9QEfF9DZlsqSyYXiWO_a4xI3DUuvzjPo6iAsBA69KAyw0qJHc-cH6dJsvu1MftWsgzLec2Q-GXBZiZV1NBdHNOjEYpetdegDeHaq6icearVRRe9M9XWaQKAQqXbRMpctJRE0TRsZ6fE7zDIp-JZUVjNPh3qH_l2pxJLw4ieYeBnH8AJ35n483IXN-zIuB6DmfBrjSZ6MgWr47fSTxU22scYEfex7ZlV0mHxgs8UqY0RlPYZDYMWsRjvuEFrZ1SL3Gj0w0TkzzwfCjuoh7MadSwuPSxfZujr9dmMPlwjm6dDnjexb1oUOxXguz-lqYcmZwGnSpdCOrDdPz2jHMERONO6hdFbQsYzfjFHajEgu-bwWmjy3Bh-i1I8eEFU-zPaOYAfFZS6NVU0gE_crg1mkK8W8XutTqPTJHAZpYFtQ5ylD1PR/https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpopular-npm-library-hijacked-to-install-password-stealers-miners%2F ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
