■■■■■ 5 RCEs in npm for $15,000+.
︎CVE-2021-32804 ($10,000)
︎CVE-2021-32803 ($2,000)
︎CVE-2021-37701 ($2,500)
︎CVE-2021-37712 (found internally – $1,000 token payout)
︎CVE-2021-37713 (found internally)︎CVE-2021-39134 (TBD)
https://robertchen.cc/blog/2021/09/20/npm-rce
https://t.me/cKure/9424