rbren / rss-parser

A lightweight RSS parser, for Node and the browser
MIT License

CVE-2023-0842 high-severity vulnerability in current version of dependency xml2js #246

Closed OIRNOIR closed 1 year ago

OIRNOIR commented 1 year ago

The dependency, xml2js, has been reported as having a high severity vulnerability on its latest version. We need to either switch to another dependency or wait until xml2js gets updated to remove the vulnerability. More information: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663

Arisamiga commented 1 year ago

https://github.com/Leonidas-from-XIV/node-xml2js/issues/663 got closed and was patched. https://github.com/rbren/rss-parser/blob/master/package.json needs to be updated to support version 0.5.0, which is the patched version.
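
An added example, not part of the thread or the rss-parser project: a Node.js check that walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports every installed xml2js copy below 0.5.0, the version named above as patched. The sample lockfile and all function names are constructed for illustration.

```javascript
// Patched version as stated in the thread above.
const PATCHED = [0, 5, 0];

// Parse "major.minor.patch" (ignoring any pre-release/build suffix) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before version b (numeric, not string, compare).
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every installed xml2js copy older than PATCHED, including copies
// nested under another package's own node_modules directory.
function findUnpatchedXml2js(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/xml2js".
    if (!path.endsWith("node_modules/xml2js")) continue;
    const parsed = parseVersion(meta.version);
    // An unparseable version is reported too, so it gets a manual look.
    if (parsed === null || isBelow(parsed, PATCHED)) {
      findings.push({ path, version: meta.version ?? "unknown" });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/rss-parser": { version: "0.0.0-sample" },
    "node_modules/rss-parser/node_modules/xml2js": { version: "0.4.23" },
    "node_modules/xml2js": { version: "0.5.0" },
    "node_modules/xmlbuilder": { version: "11.0.1" },
  },
};

console.log(findUnpatchedXml2js(SAMPLE_LOCK));
```

A top-level xml2js at 0.5.0 does not clear the tree on its own: the nested copy under `rss-parser` is the one that gets loaded by that package, which is why the check matches on path suffix rather than on the top-level entry only.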