xml2js is vulnerable to prototype pollution
bursache opened this issue
Bogdan Ursache commented
Expected Behavior
aws-sdk dependency should accept patches.
Current Behavior
aws-sdk dependency is listed with a fixed version that has a direct dependency on xml2js, which is vulnerable to prototype pollution. aws-sdk has been patched here: aws/aws-sdk-js#4389
Steps to Reproduce (for bugs)
npm install
npm audit --registry=https://registry.npmjs.org/
OR
npx better-npm-audit audit --level=high --registry=https://registry.npmjs.org/
Regev Brody commented