ali-sdk / ali-oss

Aliyun OSS(Object Storage Service) JavaScript SDK for the Browser and Node.js
https://www.alibabacloud.com/help/doc-detail/52834.htm
MIT License

xml2js - vulnerability #1210

Open ranyanay opened 1 year ago

ranyanay commented 1 year ago

Found an xml2js vulnerability via WhiteSource: https://www.mend.io/vulnerability-database/CVE-2023-0842

adamesong commented 11 months ago

ali-oss Version: 6.18.0

xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc

Please update xml2js to 0.5.0.