fiznool / body-parser-xml

XML parser middleware for express.js.
MIT License

xml2js is vulnerable to prototype pollution #172

Open asantos87 opened 1 year ago

asantos87 commented 1 year ago

npm audit is informing me of this vulnerability:

xml2js  <=0.4.23
Severity: high
xml2js is vulnerable to prototype pollution  - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
  body-parser-xml  *
  Depends on vulnerable versions of xml2js
  node_modules/body-parser-xml

xml2js released version 0.5.0 with this fix. Please update the dependency.

yadickson commented 1 year ago

Hello, that is perfect. When will the new release be published on npmjs? Thanks a lot.
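
An added example, not part of the thread and not code from body-parser-xml or xml2js: a Node.js check that walks a package-lock.json (lockfileVersion 2 or 3) and lists every installed copy of xml2js inside the range the npm audit output above reports (<=0.4.23), together with the packages that declare it. The lockfile contents, the body-parser-xml version string and the function names are constructed for illustration.

```javascript
'use strict';

// Compare dotted numeric versions (pre-release tags ignored): <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Packages in the lockfile that declare `name` as a dependency.
function dependentsOf(lock, name) {
  return Object.entries(lock.packages || {})
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([path, meta]) => ({ path: path || '(root)', range: meta.dependencies[name] }));
}

// Every installed copy of xml2js at or below the advisory's upper bound,
// including copies nested under another package's node_modules.
function findVulnerableXml2js(lock, lastVulnerable = '0.4.23') {
  const suffix = 'node_modules/xml2js';
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(suffix) || !meta.version) continue;
    if (compareVersions(meta.version, lastVulnerable) > 0) continue;
    const parent = path.slice(0, -suffix.length).replace(/\/$/, '') || '(root)';
    findings.push({ path, version: meta.version, installedUnder: parent });
  }
  return findings;
}

// Constructed lockfile: one hoisted vulnerable copy, one nested fixed copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'body-parser-xml': '*' } },
    'node_modules/body-parser-xml': { version: '0.0.0-constructed', dependencies: { xml2js: '^0.4.0' } },
    'node_modules/xml2js': { version: '0.4.23' },
    'node_modules/other-lib/node_modules/xml2js': { version: '0.5.0' },
  },
};

console.log(JSON.stringify({
  vulnerable: findVulnerableXml2js(sampleLock),
  declaredBy: dependentsOf(sampleLock, 'xml2js'),
}, null, 2));
```

To run it against a real project, pass the parsed contents of that project's package-lock.json in place of `sampleLock`.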