Critical Bug Reported in NPM Package With Millions of Downloads Weekly

A widely used NPM package called ‘Pac-Resolver’ for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. 
The flaw, tracked as CVE-2021-23406, has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects

Source:: The Hackers News