Hi, @mbyrne00, I have reported a vulnerability issue in package xml-crypto.
As far as I am aware, vulnerability CVE-2021-21366 detected in package xmldom<0.5.0 is directly referenced by xml-crypto@1.15.3, on which your package @mondomob/gae-node-nestjs@7.5.11 transitively depends. As such, this vulnerability can also affect @mondomob/gae-node-nestjs@7.5.11 via the following path:
@mondomob/gae-node-nestjs@7.5.11 ➔ passport-saml@1.3.3 ➔ xml-crypto@1.5.3 ➔ xmldom@0.1.27(vulnerable version)
Since xml-crypto has released a new patched version, xml-crypto@1.5.4, to resolve this issue (xml-crypto@1.5.4 ➔ xmldom@0.6.0 (fix version)), this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path:
@mondomob/gae-node-nestjs@7.5.11 ➔ passport-saml@1.3.3 ➔ xml-crypto@1.5.4 ➔ xmldom@0.6.0(vulnerability fix version)
A warm tip.^_^
Best regards,
Paimon
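
To check whether a lockfile still pins the xmldom version named in the issue above, the following added example (not part of the original issue, and not code from any project it names) scans the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports which locked package pulls in each copy below the fixed version. The function names, the sample lockfile and its dependency ranges are constructed for illustration.

```javascript
// Added example: find locked copies of a package below a fixed version.
// Numeric x.y.z comparison; prerelease tags are ignored (simplification).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> "".
const nameOf = (installPath) => installPath.split('node_modules/').pop();

// Node-style lookup: nearest node_modules/<name>, walking up from fromPath.
function resolveFrom(lock, fromPath, name) {
  for (let dir = fromPath; ; ) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (lock.packages[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf('/node_modules/');
    dir = i === -1 ? '' : dir.slice(0, i);
  }
}

// Only "dependencies" is inspected; optional and peer dependencies are not.
function findVulnerable(lock, name, fixedIn) {
  const entries = Object.entries(lock.packages || {});
  return entries
    .filter(([p, e]) => nameOf(p) === name && lessThan(e.version, fixedIn))
    .map(([p, e]) => ({
      installPath: p,
      version: e.version,
      // Locked packages whose declared dependency resolves to this copy.
      requiredBy: entries
        .filter(([q, d]) => d.dependencies && name in d.dependencies &&
          resolveFrom(lock, q, name) === p)
        .map(([q, d]) => `${nameOf(q) || '(root)'}@${d.version}`),
    }));
}

// Constructed lockfile fragment mirroring the path in the issue; ranges are made up.
const sampleLock = { lockfileVersion: 2, packages: {
  'node_modules/@mondomob/gae-node-nestjs': { version: '7.5.11', dependencies: { 'passport-saml': '^1.3.3' } },
  'node_modules/passport-saml': { version: '1.3.3', dependencies: { 'xml-crypto': '^1.5.3' } },
  'node_modules/xml-crypto': { version: '1.5.3', dependencies: { xmldom: '0.1.27' } },
  'node_modules/xmldom': { version: '0.1.27' },
} };
console.log(JSON.stringify(findVulnerable(sampleLock, 'xmldom', '0.5.0'), null, 2));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; an empty result after regenerating the lockfile means no locked copy is below the fixed version.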