Update the mustache.js version 0.1 javascript dependency to the latest version
Closed this issue · 1 comments
anushringi commented
Hi Team,
During the security assessment of oyo rooms iOS application, it has been observed that the application is using mustache.js version 0.1 javascript dependency. This version of mustache.js has some known vulnerabilities and exploits are publicly available.
The Vulnerable request has domain share.oyorooms.com, which is owned by Branch for creating shareable links.
Suggested fix is to update the vulnerable dependency to the latest version.
Please look into it.
Thanks and Regards
echo-branch commented
Thanks for the issue report. I'll close this one and route it to the appropriate team. The iOS github repo is rather focused on Branch iOS SDK issues and bugs.