voltrue2 / in-app-purchase

A Node.js module for in-App-Purchase for iOS, Android, Amazon and Windows.
http://iap.gracenode.org
Other

[Security] Improper Key Verification on package `xml-crypto` #339

Open fuadchonora opened 3 years ago

fuadchonora commented 3 years ago

It uses a vulnerable version of xml-crypto.

  │ High          │ Improper Key Verification
  │ Package       │ xml-crypto
  │ Patched in    │ >=2.0.0
  │ Dependency of │ in-app-purchase
  │ Path          │ in-app-purchase > xml-crypto
  │ More info     │ https://npmjs.com/advisories/1583