New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prototype pollution in plist #705
Comments
@gdeluna-branch or @echo-branch could you please update this minor version of plist? |
@Sujay-shetty "plist": "^3.0.4" npm package.json docs We will be working on a new release as well. |
Yes we'll aim to update this week. Thanks for the heads up @Sujay-shetty |
@Sujay-shetty : Our caret range should cover plist patch version.
|
Hi @JagadeeshKaricherla-branch , I tried above way but it is referring to version 3.0.4 only, so latest version it is not picking. |
@Sujay-shetty |
Hi,
There is new critical Prototype Pollution vulnerability found in plist according to below CVE.
GHSA-4cpg-3vgw-4877
which is fixed in plist version 3.0.5 (TooTallNate/plist.js#114).
Could you please update branch-sdk package.json to use latest version of plist.
Thanks,
Sujay
The text was updated successfully, but these errors were encountered: