Open
Description
During an npm audit through Veracode, an Arbitrary Code Injection vulnerability was detected in the dot library used by the compodoc/ngd-transformer package.
Vulnerability detail: dot is vulnerable to arbitrary code injection. The template function does not sanitize input set on Object.prototype, allowing an attacker who is able to compile templates to inject and execute arbitrary code.
Currently compodoc/ngd-transformer is using version 1.1.3 of the dot library. The above vulnerability is fixed in the 2.x.x (2.0.0-beta.1) version of dot.
Can someone please help upgrade the dot library to the latest version to resolve the above vulnerability?
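
A defender-side check for the condition reported above, as an added example that is not part of the original issue or of compodoc's code: it scans an npm lockfile (the `packages` map used by lockfileVersion 2 and 3) for installed copies of dot older than 2.0.0-beta.1. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not compodoc code): find dot installs older than the fix.
const FIXED = "2.0.0-beta.1"; // fixed version as stated in the issue
// Split a version into numeric core parts and prerelease identifiers.
function parse(v) {
  const clean = v.split("+")[0]; // drop build metadata
  const i = clean.indexOf("-");
  const core = (i < 0 ? clean : clean.slice(0, i)).split(".").map(Number);
  return { core, pre: i < 0 ? [] : clean.slice(i + 1).split(".") };
}
// Semver precedence: returns -1, 0 or 1.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  // A release outranks any prerelease of the same core version.
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined) return -1; // shorter prerelease list sorts first
    if (q === undefined) return 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return Number(p) < Number(q) ? -1 : 1;
    if (pn !== qn) return pn ? -1 : 1; // numeric ids sort before text ids
    return p < q ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile "packages" map and report every dot copy below FIXED.
function findVulnerableDot(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/dot") || !meta.version) continue;
    if (compare(meta.version, FIXED) < 0) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile: one nested 1.1.3 copy, one hoisted fixed copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@compodoc/ngd-transformer/node_modules/dot": { version: "1.1.3" },
    "node_modules/dot": { version: "2.0.0-beta.1" },
  },
};
console.log(findVulnerableDot(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findVulnerableDot`; the reported path shows which dependency pulls in the old copy.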