1 low severity vulnerability in dependency of node-quickbooks #175

Open
gogbajbobo opened this issue Mar 18, 2021 · 5 comments

@gogbajbobo

Low: Misinterpretation of malicious XML input
Package: xmldom
Patched in: >=0.5.0
Dependency of: node-quickbooks
Path: node-quickbooks > jxon > xmldom
More info: https://npmjs.com/advisories/1650
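
Added example, not part of the original issue or of node-quickbooks: a Node.js check that walks the `packages` map of an npm lockfile and reports which dependency chain installs an xmldom older than the patched 0.5.0, matching the path reported above. The lockfile excerpt and every version in it are constructed, and `other-lib` is a hypothetical package.

```javascript
// Added example: trace the dependency chain to an unpatched xmldom (npm lockfile v2/v3).
// True when version < min, or when version cannot be parsed (flag for review).
function isBelow(version, min) {
  const parse = (v) => (/^(\d+)\.(\d+)\.(\d+)/.exec(v || "") || []).slice(1).map(Number);
  const a = parse(version), b = parse(min);
  if (a.length !== 3) return true;
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Node-style resolution: look in the dependent's own node_modules, then walk up.
function resolve(packages, base, name) {
  while (true) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Breadth-first walk from the root; first chain to each old copy. devDependencies skipped.
function findVulnerablePaths(lock, name, patched) {
  const packages = lock.packages || {};
  const hits = [], seen = new Set([""]), queue = [{ key: "", chain: [] }];
  while (queue.length) {
    const { key, chain } = queue.shift(), node = packages[key] || {};
    for (const dep of Object.keys({ ...node.dependencies, ...node.optionalDependencies })) {
      const target = resolve(packages, key, dep);
      if (target === null || seen.has(target)) continue;
      seen.add(target);
      const next = chain.concat(dep), version = packages[target].version;
      if (dep === name && isBelow(version, patched)) hits.push({ path: next.join(" > "), version });
      queue.push({ key: target, chain: next });
    }
  }
  return hits;
}

// Constructed lockfile excerpt (all versions are made up; other-lib is hypothetical).
const sampleLock = { packages: {
  "": { dependencies: { "node-quickbooks": "*", "other-lib": "*" } },
  "node_modules/node-quickbooks": { version: "0.0.1", dependencies: { jxon: "*" } },
  "node_modules/jxon": { version: "0.0.1", dependencies: { xmldom: "*" } },
  "node_modules/xmldom": { version: "0.4.0" },
  "node_modules/other-lib": { version: "0.0.1", dependencies: { xmldom: "*" } },
  "node_modules/other-lib/node_modules/xmldom": { version: "0.5.0" },
} };
console.log(findVulnerablePaths(sampleLock, "xmldom", "0.5.0"));
```

The nested copy under `other-lib` is at the patched version and is not reported; only the hoisted copy reached through jxon is.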

@geoffcorey

+1 on this issue. It would appear that jxon has a PR to fix the issue but the project hasn't been updated since 2017. I think we are looking at an abandoned project which this project relies on.

@geoffcorey

I made a PR to replace the deprecated xmldom with @xmldom/xmldom that would take care of the security issue. tyrasd/jxon#55

@geoffcorey

jxon is a dead project and should be replaced

@josh-bridgement

+1 on this issue. jxon needs to be replaced

@geoffcorey

I moved to @apigrate/quickbooks since the security issues on node-quickbooks are not being addressed.
