Critical vulnerability in simple-plist package (Prototype Pollution using .parse())

Question

Critical vulnerability in simple-plist package (Prototype Pollution using .parse())

Sujay-shetty opened this issue 2 years ago · 1 comments

Hi,

There is a critical vulnerability found in plist which is used in simple-plist. According to below commit this has been fixed in plist and simple-plist.

wollardj/simple-plist#60

Could you please update simple-plist package to 1.3.1 version

Thanks,
Sujay

Answer 1 · 2022-03-31T12:55:02.000Z

You should be able to reinstall or run npm update to have the dependency patched in.