#dependency-security

[ follow ]
#javascript #remote-code-execution #expr-eval #software-supply-chain #slsa-l2
Information security
fromBleepingComputer
2 weeks ago

Popular JavaScript library expr-eval vulnerable to RCE flaw

Critical RCE vulnerability (CVE-2025-12735) in expr-eval/expr-eval-fork allows remote code execution via unvalidated Parser.evaluate() context variables.
fromInfoWorld
1 month ago

Chainguard offers malware-resistant JavaScript libraries

The libraries, which are built from source on SLSA L2 (Supply-chain Levels for Software Artifacts) infrastructure, were introduced on September 25. By securely building each library and its dependencies from source, Chainguard Libraries for JavaScript offers security and engineering teams confidence that malware has not been inserted during the build or distribution of libraries in the JavaScript ecosystem, according to Chainguard. This eliminates a significant gap in the threat landscape, Chainguard added.
JavaScript
[ Load more ]