This repository was archived by the owner on Jul 22, 2022. It is now read-only.
This repository was archived by the owner on Jul 22, 2022. It is now read-only.
Jszip audit issue #348
Description
Describe the bug
jszip (which this has a dep on for 3.2.1) have a prototype pollution vulnerability. Crafting a new zip file with filenames set to Object prototype values (e.g proto, toString, etc) results in a returned object with a modified prototype instance.
Upgrade to version 3.7.0 or later
To Reproduce
npm audit
Expected behavior
No audit issues
Environment (please complete the following information):
- Node Version: 14.17.4
- excel4node Version: 1.7.2
Additional context