Vulnerabilities

 1 via 1 paths

Dependencies

 144

Source

 npm
Find a vulnerability free version of ali-oss | View ali-oss package health on Snyk Advisor

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

XML External Entity (XXE) Injection

  • Vulnerable module: jstoxml
  • Introduced through: jstoxml@0.2.4

Detailed paths

  • Introduced through: ali-oss@6.15.2 jstoxml@0.2.4
    Remediation: Upgrade to ali-oss@6.17.0.

Overview

jstoxml is a Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to not escaping special characters.

Remediation

Upgrade jstoxml to version 2.0.0 or higher.

References

XML External Entity (XXE) Injection vulnerability report