
1 low severity vulnerability in dependency of node-quickbooks

Open gogbajbobo opened this issue 3 years ago • 5 comments

Low: Misinterpretation of malicious XML input
Package: xmldom
Patched in: >=0.5.0
Dependency of: node-quickbooks
Path: node-quickbooks > jxon > xmldom
More info: https://npmjs.com/advisories/1650

gogbajbobo avatar Mar 18 '21 11:03 gogbajbobo
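The advisory above names a transitive dependency path (node-quickbooks > jxon > xmldom) and a patched version (>=0.5.0). A defender's first question is whether a given install actually contains a copy of xmldom below that version, and through which path. The script below is an added example, not code from this issue, from node-quickbooks or from jxon: it walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3), reports every installed copy of the named package whose version is below the patched release, and renders the nesting as the same "a > b > c" path the advisory uses. The SAMPLE_LOCK object is constructed for the example (its node-quickbooks and jxon versions are placeholders, not real releases); the x.y.z comparison is a minimal substitute for a semver library so the script has no dependencies.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3 "packages" map)
// for installed copies of a package older than the advisory's patched version.
// Not part of node-quickbooks or jxon; SAMPLE_LOCK below is a constructed lockfile.

// Minimal x.y.z comparison, ignoring prerelease tags; negative/zero/positive like strcmp.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Turn a lockfile key such as
// "node_modules/node-quickbooks/node_modules/jxon/node_modules/xmldom"
// into the advisory-style path "node-quickbooks > jxon > xmldom".
// Scoped names ("@xmldom/xmldom") are kept whole because they contain no "node_modules/".
function pathFromKey(key) {
  return key
    .split('node_modules/')
    .filter(Boolean)
    .map((seg) => seg.replace(/\/$/, ''))
    .join(' > ');
}

// Return [{ path, version }] for every installed copy of pkgName below patchedIn.
function findVulnerable(lock, pkgName, patchedIn) {
  const hits = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    // The installed package name is the last "node_modules/" segment; the root key "" is skipped.
    const name = key.split('node_modules/').pop();
    if (name !== pkgName || !entry || !entry.version) continue;
    if (compareVersions(entry.version, patchedIn) < 0) {
      hits.push({ path: pathFromKey(key), version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one nested xmldom below 0.5.0 (affected) and one
// hoisted copy at 0.5.0 (patched). The "0.0.0" versions are placeholders.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app', version: '0.0.0' },
    'node_modules/node-quickbooks': { version: '0.0.0' },
    'node_modules/node-quickbooks/node_modules/jxon': { version: '0.0.0' },
    'node_modules/node-quickbooks/node_modules/jxon/node_modules/xmldom': { version: '0.4.0' },
    'node_modules/xmldom': { version: '0.5.0' },
  },
};

// Stand-alone run: node audit-xmldom.js [path/to/package-lock.json]
// Without a path the constructed sample is scanned. Guarded so the block also loads under ESM.
if (typeof require !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  const hits = findVulnerable(lock, 'xmldom', '0.5.0');
  for (const h of hits) console.log(`xmldom ${h.version} (< 0.5.0) via ${h.path}`);
  if (hits.length === 0) console.log('no affected copies of xmldom found');
}
```

Against the constructed sample the script reports the single nested copy, "xmldom 0.4.0 (< 0.5.0) via node-quickbooks > jxon > xmldom", and ignores the hoisted 0.5.0 copy, which is the distinction that matters when deciding whether an override or an upstream fix is still needed.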

+1 on this issue. It would appear that jxon has a PR to fix the issue but the project hasn't been updated since 2017. I think we are looking at an abandoned project which this project relies on.

geoffcorey avatar Sep 23 '21 14:09 geoffcorey

I made a PR to replace the deprecated xmldom with @xmldom/xmldom that would take care of the security issue. https://github.com/tyrasd/jxon/pull/55

geoffcorey avatar Sep 27 '21 21:09 geoffcorey

jxon is a dead project and should be replaced

geoffcorey avatar Feb 23 '23 14:02 geoffcorey

+1 on this issue. jxon needs to be replaced

josh-bridgement avatar Jul 13 '23 13:07 josh-bridgement

I moved to @apigrate/quickbooks since the security issues on node-quickbooks are not being addressed.

geoffcorey avatar Jul 18 '23 14:07 geoffcorey