Hacker News

rikafurude21 yesterday at 9:23 PM

I'm confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says there's no issues


Replies

billywhizz yesterday at 9:27 PM

is it not obvious?

> These issues are present in the patches published last week.

> The patches published last week are vulnerable.

> If you already updated for the Critical Security Vulnerability, you will need to update again.

rickhanlonii yesterday at 10:22 PM

GitHub has to review the advisories and publish them for them to show in `npm audit`, so it's delayed.

theogravity yesterday at 10:43 PM

You need to update again.
