jstoxml@0.2.4

Vulnerabilities

1 via 1 paths

Dependencies

Source

npm


high severity

XML External Entity (XXE) Injection

  • Vulnerable module: jstoxml
  • Introduced through: jstoxml@0.2.4

Detailed paths

  • Introduced through: jstoxml@0.2.4
    Remediation: Upgrade to jstoxml@2.0.0.

Overview

jstoxml converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.).

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection because they do not escape special characters.

Remediation

Upgrade jstoxml to version 2.0.0 or higher.
