A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote code execution on enterprise AI backends. Security researchers have ...