You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like webdav-client depends on the 3.y.z version of fast-xml-parser in it's dependencies. However there has recently been a prototype pollution vulnerability that is being lighting up in scanning tools like Snyk and NexusIQ (https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-3325616).
Hello!
It looks like webdav-client depends on the 3.y.z version of fast-xml-parser in it's dependencies. However there has recently been a prototype pollution vulnerability that is being lighting up in scanning tools like Snyk and NexusIQ (https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-3325616).
It looks like this vulnerability has been fixed in 4.1.2+ fast-xml-parser as per https://security.snyk.io/package/npm/fast-xml-parser/4.1.2
Do you think it would be possible to upgrade the version of fast-xml-parser being used so this security gap can closed out?
Thanks :)
The text was updated successfully, but these errors were encountered: