TooTallNate / plist.js

Mac OS X Plist parser/builder for Node.js and browsers
MIT License
592 stars 123 forks

CVE-2022-26260 fix not compiled into dist #128

Closed thorsent closed 2 years ago

thorsent commented 2 years ago

Sonatype (Nexus vulnerability scanner) has reported that dist/plist.js and dist/plist-parse.js do not have the prototype pollution fix.

I think the source code for plist.js was updated but the compiled dist never got pushed up to GitHub or released to npm?

https://nvd.nist.gov/vuln/detail/CVE-2022-26260

mreinstein commented 2 years ago

Whoops, yeah, my bad. I've just updated some deps and re-ran the build step. Should be fixed as 3.0.6 now.

thorsent commented 2 years ago

Thank you!