SECURITY: Insecure version of xmldom

Question

joebowbeer opened this issue 3 years ago · comments

The xmldom version is locked to 0.1.7 which is vulnerable to XML External Entity Injection:

Joe Bowbeer · Answer 1 · Mon Aug 30 2021 08:29:06 GMT+0800 (China Standard Time)

@yaronn Threat-free versions of xmldom are now available at @xmldom/xmldom