atomos@0.5.0-alpha

Vulnerabilities

 1 via 1 paths

Dependencies

 69

Source

 npm
Find a vulnerability free version of atomos | View atomos package health on Snyk Advisor

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

XML External Entity (XXE) Injection

  • Vulnerable module: jstoxml
  • Introduced through: jstoxml@1.6.11

Detailed paths

  • Introduced through: atomos@0.5.0-alpha jstoxml@1.6.11
    Remediation: Upgrade to atomos@1.0.0.

Overview

jstoxml is a Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to not escaping special characters.

Remediation

Upgrade jstoxml to version 2.0.0 or higher.

References

XML External Entity (XXE) Injection vulnerability report