atomos@0.5.0-alpha

  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 69
  • Source: npm

high severity

XML External Entity (XXE) Injection

  • Vulnerable module: jstoxml
  • Introduced through: jstoxml@1.6.11

Detailed paths

  • Introduced through: atomos@0.5.0-alpha › jstoxml@1.6.11
    Remediation: Upgrade to atomos@1.0.0.

Overview

jstoxml is a package that converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.).

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to not escaping special characters.

Remediation

Upgrade jstoxml to version 2.0.0 or higher.
