VULNERABILITY exposure in dependencies - Githubissues

kempsteven / vue-html2pdf

vue-html2pdf converts any vue component or element into PDF, vue-html2pdf is basically a vue wrapper only and uses html2pdf.js behind the scenes.

https://www.npmjs.com/package/vue-html2pdf

MIT License

439 stars 75 forks source link

VULNERABILITY exposure in dependencies #126

Open nirbal opened 2 years ago

nirbal commented 2 years ago

Hi, Please update your dependencies on package.json file ASAP You got VULNERABILITY exposure in PUBLIC SECURITY ALERTS DB because some of your dependencies are out of date e.g "html2pdf.js": "^0.9.2" is outdated in your project although it has newer versions that FIX the VULNERABILITY. Because of that all other child dependencies that use your oudated dependency are expose to:

Prototype Pollution
Cross-site Scripting (XSS)
Regular Expression Denial of Service (ReDoS)
Improper Input Validation
XML External Entity (XXE) Injection