ali-oss-extra@0.0.9

Vulnerabilities: 1 via 1 paths

Dependencies: 144

Source: npm


high severity

XML External Entity (XXE) Injection

  • Vulnerable module: jstoxml
  • Introduced through: ali-oss@4.16.0

Detailed paths

  • Introduced through: ali-oss-extra@0.0.9 > ali-oss@4.16.0 > jstoxml@0.2.4

Overview

jstoxml converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.).

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to not escaping special characters.

Remediation

Upgrade jstoxml to version 2.0.0 or higher.
