Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit xmldom #73

Closed
master101010 opened this issue Oct 24, 2022 · 1 comment
Closed

npm audit xmldom #73

master101010 opened this issue Oct 24, 2022 · 1 comment
Labels
dependencies Pull requests that update a dependency file

Comments

@master101010
Copy link

npm audit find critical vulnerabilities:
xmldom *
Severity: critical
Misinterpretation of malicious XML input - GHSA-5fg8-2547-mr8q
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom - GHSA-9pgh-qqpf-7wqj;
No fix available
node_modules/xmldom
easy-template-x *
Depends on vulnerable versions of xmldom
node_modules/easy-template-x

maybe should use @xmldom/xmldom
@alonrbar alonrbar added the dependencies Pull requests that update a dependency file label Nov 5, 2022
@Rindiser
Copy link

from @xmldom/xmldom:

Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom, because we are no longer able to publish xmldom.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alonrbar @master101010 @Rindiser