Found Vulnerability ' Improper Input Validation ' and ' Prototype Pollution ' on Synk.io #125
Comments
kanxoramesh
changed the title
kanxoramesh
changed the title
|
Github Advisory: GHSA-phwq-j96m-2c2q |
|
SAML Was updated but there's still critical vulnerabilities in ejs@2.5.5 that would be corrected by updating to ejs@3.1.8 |
|
Hi @aaronsegstro. I just submitted a PR bumping ejs to 3.1.8 here #130. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
BUG
Synk.io is reporting Vulnerability for this library, One of the dependence library
saml@1.0.0usesxmldomwhich has Vulnerability.and also
Arbitrary Code Injectionfrom packageejs@3.1.6Solution: update dependence library
saml@1.0.0to1.0.1which is using the latest version ofxmldom@0.7.4and also updateejs@2.5.5toejs@3.1.6The text was updated successfully, but these errors were encountered: