cordova-node-xcode icon indicating copy to clipboard operation
cordova-node-xcode copied to clipboard
verified publisher icon apache

Critical vulnerability in simple-plist package (Prototype Pollution using .parse())

Open Sujay-shetty opened this issue 3 years ago • 1 comments

Hi,

There is a critical vulnerability found in plist which is used in simple-plist. According to below commit this has been fixed in plist and simple-plist.

https://github.com/wollardj/simple-plist/issues/60

Could you please update simple-plist package to 1.3.1 version

Thanks, Sujay

Sujay-shetty avatar Mar 31 '22 12:03 Sujay-shetty

You should be able to reinstall or run npm update to have the dependency patched in.

breautek avatar Mar 31 '22 12:03 breautek