XMLDOM vulnerabilities #2
Comments
|
@axelpale Can you please review and merge the PR |
|
Thanks for pointing this out and providing a PR. I try to gather time to review the PR in the upcoming days. |
|
@axelpale did you get chance to look into this PR? |
|
Released the fix today in v1.1.5. I might proceed to v2.0.0 to upgrade other dependencies too. |
|
@axelpale Thanks a lot for fixing this |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
**xmldom ***
Severity: critical
Misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - GHSA-crh6-fp67-6883
Misinterpretation of malicious XML input - GHSA-5fg8-2547-mr8q
No fix available
node_modules/xmldom
filterxml *
Depends on vulnerable versions of xmldom
xmldom has critical vulnerabilities, Can we move the dependency to the new version
Please check issue for reference - videojs/mpd-parser#143
It's fixed into new library version - xmldom/xmldom#271
The text was updated successfully, but these errors were encountered: