Is this something that Sangoma has looked at? I know that some parts of FreePBX use npm.
Widespread Supply Chain Compromise Impacting npm Ecosystem | CISA
We are aware of the issue and discussing internally amongst the FreePBX Security Team.
Hi @penguinpbx, is there any update or technical response from the security team on this?
Research is ongoing, but please refer to the FreePBX security reporting policy on GitHub for help raising specific issues.
Hi @penguinpbx, I don’t see this as a potential vulnerability listed. Is there any update to the security team’s ongoing research?
Correct, it is not currently listed on the published FreePBX GitHub Security Advisories.
The issue is being looked at in accordance with the FreePBX security reporting policy on GitHub (better link direct to policy).