{"id":132793,"date":"2025-11-10T13:14:30","date_gmt":"2025-11-10T13:14:30","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=132793"},"modified":"2025-11-10T13:14:33","modified_gmt":"2025-11-10T13:14:33","slug":"npm-library-vulnerability","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/","title":{"rendered":"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution"},"content":{"rendered":"\n<p>A critical security flaw has been discovered in the widely used <a href=\"https:\/\/cybersecuritynews.com\/15-weaponized-npm-packages\/\" target=\"_blank\" rel=\"noreferrer noopener\">npm package<\/a> expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks.<\/p>\n\n\n\n<p>The vulnerability, tracked as&nbsp;<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-12735\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2025-12735<\/a>, allows attackers to execute arbitrary system commands through maliciously crafted input.<\/p>\n\n\n\n<p>The expr-eval library is a JavaScript tool designed to parse and evaluate mathematical expressions safely, serving as a more secure alternative to JavaScript&#8217;s native eval() function.<\/p>\n\n\n\n<p>With over 250 dependent packages, including oplangchain, a JavaScript implementation of the popular<a href=\"https:\/\/cybersecuritynews.com\/langchain-js-vulnerability-sensitive-information\/\" target=\"_blank\" rel=\"noreferrer noopener\"> LangChain framework<\/a>, this vulnerability has significant implications for the AI and NLP ecosystem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-npm-library-vulnerability\"><strong>NPM Library<\/strong> <strong>Vulnerability<\/strong><\/h2>\n\n\n\n<p>Carnegie Mellon University researchers<a href=\"https:\/\/kb.cert.org\/vuls\/id\/263614\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> discovered<\/a> that attackers can define arbitrary functions within the parser&#8217;s context object, enabling the injection of malicious code that executes system-level commands.<\/p>\n\n\n\n<p>This vulnerability achieves&nbsp;Total Technical Impact&nbsp;under the SSVC framework, meaning adversaries gain complete control over affected software behavior and can access all system information.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>CVE ID<\/strong><\/th><th><strong>Affected Package<\/strong><\/th><th><strong>Vulnerability Type<\/strong><\/th><th><strong>Patched Version<\/strong><\/th><\/tr><\/thead><tbody><tr><td>CVE-2025-12735<\/td><td>expr-eval, expr-eval-fork<\/td><td>Remote Code Execution<\/td><td>expr-eval-fork v3.0.0<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The flaw is particularly dangerous for generative<a href=\"https:\/\/cybersecuritynews.com\/non-human-identity-in-cybersecurity-and-ensuring-reliability-in-ai-systems\/\" target=\"_blank\" rel=\"noreferrer noopener\"> AI systems<\/a> and NLP applications. These systems often run in server environments with access to sensitive local resources and process user-supplied mathematical expressions.<\/p>\n\n\n\n<p>Developers using expr-eval or expr-eval-fork should take immediate action by upgrading to&nbsp;the expr-eval-fork version 3.0.0, which includes comprehensive <a href=\"https:\/\/cybersecuritynews.com\/android-security-patches\/\" target=\"_blank\" rel=\"noreferrer noopener\">security patches<\/a>.<\/p>\n\n\n\n<p>The update introduces an allowlist of safe functions, mandatory registration for custom functions, and enhanced test cases to enforce security constraints.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/cybersecuritynews.com\/elastic-defend-for-windows-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">vulnerability<\/a> was responsibly disclosed by security researcher Jangwoo Choe (UKO) and patched through GitHub Pull Request #288.<\/p>\n\n\n\n<p>Organizations can use npm audit to automatically detect this vulnerability in their projects through the GitHub Security Advisory&nbsp;GHSA-jc85-fpwf-qm7x.<\/p>\n\n\n\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability, tracked as&nbsp;CVE-2025-12735, allows attackers to execute arbitrary system commands through maliciously crafted input. The expr-eval library is a JavaScript tool designed to parse and evaluate mathematical [&hellip;]<\/p>\n","protected":false},"author":27,"featured_media":132814,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3066,11,2746,53],"tags":[149,151,416],"class_list":{"0":"post-132793","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ai","8":"category-cyber-security-news","9":"category-latest-cybersecurity-news","10":"category-vulnerability","11":"tag-cyber-security","12":"tag-cyber-security-news","13":"tag-vulnerability"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution<\/title>\n<meta name=\"description\" content=\"The flaw discovered in npm package expr-eval, exposing AI and natural language processing applications to remote code execution attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution\" \/>\n<meta property=\"og:description\" content=\"The flaw discovered in npm package expr-eval, exposing AI and natural language processing applications to remote code execution attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-10T13:14:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-10T13:14:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Abinaya\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abinaya\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution","description":"The flaw discovered in npm package expr-eval, exposing AI and natural language processing applications to remote code execution attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution","og_description":"The flaw discovered in npm package expr-eval, exposing AI and natural language processing applications to remote code execution attacks.","og_url":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-10T13:14:30+00:00","article_modified_time":"2025-11-10T13:14:33+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp","type":"image\/jpeg"}],"author":"Abinaya","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Abinaya","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/"},"author":{"name":"Abinaya","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/1a94534cae789bad6ff3d6a1c4bfcda1"},"headline":"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution","datePublished":"2025-11-10T13:14:30+00:00","dateModified":"2025-11-10T13:14:33+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/"},"wordCount":315,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news","vulnerability"],"articleSection":["AI","Cyber Security News","Latest Cybersecurity News","Vulnerability"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/","url":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/","name":"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-10T13:14:30+00:00","dateModified":"2025-11-10T13:14:33+00:00","description":"The flaw discovered in npm package expr-eval, exposing AI and natural language processing applications to remote code execution attacks.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#primaryimage","url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/npm-library-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/1a94534cae789bad6ff3d6a1c4bfcda1","name":"Abinaya","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/915429ce96054c30e324319044dd9dea3921978fcef4cc62ef69d7c2f53ce2a7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/915429ce96054c30e324319044dd9dea3921978fcef4cc62ef69d7c2f53ce2a7?s=96&d=mm&r=g","caption":"Abinaya"},"description":"Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.","sameAs":["https:\/\/www.cybersecuritynews.com"],"url":"https:\/\/cybersecuritynews.com\/author\/abi\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_hcLrbvkZzpTIIcslDua77pVPAZWGwWBhMryZSkKL_spzx7JQVON_66XVMyolupvch7At_SwSGi6V56r3PlzaTCDR2Uxcs-lrUakz1gD_MbVi-RVMW0dpl9daTcpfkCLzJpX49ZH9tG8AQtv1fDY_Tm_CLWfubqwASgbMWr7-NsWaEFjOeAvZxSGyu3k\/s1600\/Critical%20Vulnerability%20in%20Popular%20npm%20Library%20Exposes%20AI%20and%20NLP%20Apps%20to%20Remote%20Code%20Execution%20%281%29.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/132793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=132793"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/132793\/revisions"}],"predecessor-version":[{"id":132819,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/132793\/revisions\/132819"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/132814"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=132793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=132793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=132793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}