The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node package manager (NPM) found in tools used by application developers that enable unauthenticated attackers to remotely trigger arbitrary operating system commands by sending a post request to a Metro server used..

The post JFrog Uncovers Severe React Vulnerability Threat to Software Supply Chains appeared first on Security Boulevard.

Michael Vizard

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/11/jfrog-uncovers-severe-react-vulnerability-threat-to-software-supply-chains/