body-parser-xml

xml2js is vulnerable to prototype pollution

Open asantos87 opened this issue 2 years ago • 1 comments

npm audit is informing me of this vulnerability:

xml2js  <=0.4.23
Severity: high
xml2js is vulnerable to prototype pollution  - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
  body-parser-xml  *
  Depends on vulnerable versions of xml2js
  node_modules/body-parser-xml

xml2js released version 0.5.0 with this fix. Please update the dependency.

asantos87, Apr 10 '23 17:04

Hello, that is perfect. When will the new release be published on npmjs? Thanks a lot.

yadickson, Apr 11 '23 19:04
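
As an added example (not part of the issue thread or of either project's code), this Node.js sketch scans a parsed package-lock.json (lockfileVersion 2 or 3) for xml2js installs older than the 0.5.0 release mentioned above and lists the packages that declare a dependency on xml2js. The function names and the sample lockfile are constructed for illustration; the dependent list is a simplification that does not model nested resolution.

```javascript
// First xml2js release carrying the fix, per the issue above.
const FIXED = [0, 5, 0];

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison, so that 0.10.0 is not treated as older than 0.5.0.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version, requiredBy }] for each xml2js install below FIXED.
function findVulnerableXml2js(lock) {
  const packages = lock.packages || {};
  // Every package (or the root project) that declares xml2js as a dependency.
  const requiredBy = Object.entries(packages)
    .filter(([, meta]) => meta.dependencies && "xml2js" in meta.dependencies)
    .map(([p]) => (p === "" ? "(root project)" : p.split("node_modules/").pop()));
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path !== "node_modules/xml2js" && !path.endsWith("/node_modules/xml2js")) continue;
    const ver = parseVersion(meta.version);
    if (ver && isBelow(ver, FIXED)) {
      findings.push({ path, version: meta.version, requiredBy });
    }
  }
  return findings;
}

// Constructed sample lockfile; the body-parser-xml version and ranges are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "body-parser-xml": "*" } },
    "node_modules/body-parser-xml": { version: "0.0.0", dependencies: { xml2js: "*" } },
    "node_modules/xml2js": { version: "0.4.23" },
  },
};

console.log(JSON.stringify(findVulnerableXml2js(sampleLock), null, 2));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `sampleLock`.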