New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XMLDOM vulnerabilities #2
Comments
@axelpale Can you please review and merge the PR |
Thanks for pointing this out and providing a PR. I try to gather time to review the PR in the upcoming days. |
@axelpale did you get chance to look into this PR? |
Released the fix today in v1.1.5. I might proceed to v2.0.0 to upgrade other dependencies too. |
@axelpale Thanks a lot for fixing this |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
**xmldom ***
Severity: critical
Misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - GHSA-5fg8-2547-mr8q
No fix available
node_modules/xmldom
filterxml *
Depends on vulnerable versions of xmldom
xmldom has critical vulnerabilities, Can we move the dependency to the new version
Please check issue for reference - videojs/mpd-parser#143
It's fixed into new library version - xmldom/xmldom#271
The text was updated successfully, but these errors were encountered: