ali-oss icon indicating copy to clipboard operation
ali-oss copied to clipboard

Published 20 hours ago verified publisher icon ali-sdk

xml2js - vulnerability

Open ranyanay opened this issue 1 year ago • 1 comments

  • Browser Version or Node Version: 18
  • ali-oss Version: 6.17.1
  • Mini Showcase Repository:
  • Network Resoponse Header x-oss-request-id:

found xml2js vulnerability by whitesource: https://www.mend.io/vulnerability-database/CVE-2023-0842

ranyanay avatar Jun 12 '23 11:06 ranyanay

ali-oss Version: 6.18.0

xml2js <0.5.0 Severity: moderate xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc

Please update the xml2js to 0.5.0

adamesong avatar Sep 10 '23 03:09 adamesong