The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node package manager (npm) found in tools used by application developers that enable unauthenticated attackers to remotely trigger arbitrary operating system commands by sending a post request to a Metro server used..
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/11/jfrog-uncovers-severe-react-vulnerability-threat-to-software-supply-chains/
