You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.
Checkboxes for prior research
Describe the bug
Our system reported a vulnerability in
fast-xml-parser
:The patched version is
4.4.1
but aws-sdk is bringing in a vulnerable version4.2.5
.SDK version number
@aws-sdk/core@3.598.0
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
v20.11.0
Reproduction Steps
npm install @aws-sdk/core@3.598.0
Observed Behavior
fast-xml-parser
version 4.2.5 is installedExpected Behavior
fast-xml-parser
version should be 4.4.1 or above.Possible Solution
No response
Additional Information/Context
See this GitHub Advisory: GHSA-mpg4-rc92-vx8v
The text was updated successfully, but these errors were encountered: