videojs / video.js

Video.js - open source HTML5 video player
https://videojs.com

Security Issue #8237

Open Makio64 opened 1 year ago

Makio64 commented 1 year ago

Description

Hello,

According to snyk.io, video.js presents a security issue caused by xmldom@0.7.6, imported by mpd-parser; updating to 0.7.7 would fix it.

Introduced through: video.js@8.2.0 › @videojs/http-streaming@3.0.2 › video.js@7.20.3 › @videojs/http-streaming@2.14.3 › mpd-parser@0.21.1 › @xmldom/xmldom@0.7.6

Reduced test case

https://github.com/videojs/video.js

Steps to reproduce

  1. scan a repo using video.js

Errors

security error

What version of Video.js are you using?

8.2.0

Video.js plugins used.

none

What browser(s) including version(s) does this occur with?

All

What OS(es) and version(s) does this occur with?

All

mister-ben commented 1 year ago

This doesn't reproduce in a repo that only installs video.js@8.2.0. 0.8.7 and 0.8.3 of @xmldom/xmldom are present and snyk flags no issues. Video.js 7.20.3 is also not present. Are you installing other packages that are depending on older video.js versions?
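
The question in the last comment can be answered from the project's lockfile. The following is an added example, not part of the thread and not Video.js project code: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3 assumed) and reports, for every installed copy of a package, the dependency chain that pulls it in. The lockfile fragment is constructed, `legacy-plugin` is a hypothetical package, and only `dependencies` entries are followed.

```javascript
// Constructed lockfile fragment (the "packages" map of lockfileVersion 2/3).
// Versions are those quoted in the thread; "legacy-plugin" is hypothetical.
const sampleLock = { packages: {
  "": { dependencies: { "video.js": "8.2.0", "legacy-plugin": "1.0.0" } },
  "node_modules/video.js": { version: "8.2.0", dependencies: { "@xmldom/xmldom": "0.8.7" } },
  "node_modules/@xmldom/xmldom": { version: "0.8.7" },
  "node_modules/legacy-plugin": { version: "1.0.0", dependencies: { "video.js": "7.20.3" } },
  "node_modules/legacy-plugin/node_modules/video.js": { version: "7.20.3", dependencies: { "@videojs/http-streaming": "2.14.3" } },
  "node_modules/@videojs/http-streaming": { version: "2.14.3", dependencies: { "mpd-parser": "0.21.1" } },
  "node_modules/mpd-parser": { version: "0.21.1", dependencies: { "@xmldom/xmldom": "0.7.6" } },
  "node_modules/mpd-parser/node_modules/@xmldom/xmldom": { version: "0.7.6" },
} };

// Node-style resolution: the dependent's own node_modules first, then each ancestor's.
function resolveDep(pkgs, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (pkgs[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Map each installed copy of `name` to the shortest chain from the root project.
function explain(lock, name) {
  const pkgs = lock.packages, parents = {}, result = {};
  for (const [path, meta] of Object.entries(pkgs))
    for (const dep of Object.keys(meta.dependencies || {})) {
      const target = resolveDep(pkgs, path, dep);
      if (target) (parents[target] = parents[target] || []).push(path);
    }
  const label = (p) => p.slice(p.lastIndexOf("node_modules/") + 13) + "@" + pkgs[p].version;
  for (const path of Object.keys(pkgs)) {
    if (!path.endsWith("node_modules/" + name)) continue;
    const queue = [[path]], seen = new Set([path]);
    let chain = null;
    while (queue.length && !chain) {  // breadth-first walk back toward the root ("")
      const trail = queue.shift();
      for (const parent of parents[trail[0]] || []) {
        if (parent === "") { chain = trail; break; }
        if (!seen.has(parent)) { seen.add(parent); queue.push([parent, ...trail]); }
      }
    }
    result[path] = chain ? chain.map(label).join(" › ") : null;
  }
  return result;
}
console.log(explain(sampleLock, "@xmldom/xmldom"));
```

Against a real project, pass the parsed `package-lock.json` instead of `sampleLock`; `npm ls @xmldom/xmldom` reports the same information from an installed tree.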