iTwin / itwinjs-core

Monorepo for iTwin.js Library
https://www.itwinjs.org
MIT License

xmldom security vulnerability CVE-2021-32796 #2241

Closed spowell-216 closed 2 years ago

spowell-216 commented 2 years ago

@bentley/itwin-client package has a dependency on "xmldom": "^0.6.0"

per the security advisory "Misinterpretation of malicious XML input"

Could we get this package updated to "@xmldom/xmldom": "^0.7.0"?

aruniverse commented 2 years ago

Should be fixed in 2.19.12, which is now available.