macedigital / express-xml-bodyparser

Simple XML body parser connect/express middleware
MIT License
69 stars, 27 forks

Snyk Code Analysis - Prototype Pollution Vulnerability #31

Open dev-script opened 1 year ago

dev-script commented 1 year ago

Issue: xml2js@0.4.23

Fixed In: xml2js@0.5.0

Introduced through: express-xml-bodyparser@0.3.0 › xml2js@0.4.23

Please upgrade internal package xml2js (v0.4.23 to v0.5.0) of express-xml-bodyparser

stcleezy commented 1 year ago

FWIW, this fork appears to include the patched lib: https://github.com/dev-script/preq-express-xml-bodyparser
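
To check whether an application still resolves a pre-0.5.0 xml2js and which package pulls it in (the "Introduced through" chain reported in the issue), the sketch below walks a package-lock.json `packages` map. It is an added example, not code from this repository or from Snyk; the lockfile excerpt, the `demo-app` name, the `^0.4.0` range and all function names are constructed for illustration.

```javascript
// Added example (not project code). Constructed package-lock.json excerpt in
// the lockfileVersion 2/3 "packages" layout; the "^0.4.0" range is made up.
const sampleLock = {
  packages: {
    "": { name: "demo-app", version: "1.0.0",
          dependencies: { "express-xml-bodyparser": "0.3.0" } },
    "node_modules/express-xml-bodyparser": {
      version: "0.3.0", dependencies: { xml2js: "^0.4.0" } },
    "node_modules/xml2js": { version: "0.4.23" },
  },
};

// Compare two x.y.z versions (pre-release tags ignored): <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Node-style lookup: nearest node_modules/<name>, walking up from `from`.
function resolve(lock, from, name) {
  let dir = from;
  while (true) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (lock.packages[candidate]) return candidate;
    if (!dir) return null; // reached the project root without a match
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// List every dependent whose resolved copy of `name` is older than `fixed`.
function findIntroducers(lock, name, fixed) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (!meta.dependencies || !(name in meta.dependencies)) continue;
    const at = resolve(lock, path, name);
    const installed = at && lock.packages[at].version;
    if (!installed || compareVersions(installed, fixed) >= 0) continue;
    const parent = path ? path.split("node_modules/").pop() : meta.name;
    hits.push({ through: `${parent}@${meta.version}`, installed: `${name}@${installed}`, at });
  }
  return hits;
}
console.log(findIntroducers(sampleLock, "xml2js", "0.5.0"));
```

If the parent declares a caret range on 0.4.x, that range does not admit 0.5.0, so `npm update` alone will not move it. An `overrides` entry for xml2js in the application's package.json is one way to force the fixed version until the parent package is updated.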