xml2js is vulnerable to prototype pollution

Question

xml2js <=0.4.23 Severity: high xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc No fix available node_modules/xml2js aws-sdk * Depends on vulnerable versions of xml2js node_modules/aws-sdk

2 high severity vulnerabilities

Upgraded aws-sdk npm package to latest version. But vulnerability still exists.

Answer 1

1. delete your package-lock.json,
2. add this to your package.json:

 "overrides": {
   "xml2js": "^0.5.0"
 }

3. reinstall the deps : npm i

Answer 2

Given answers work well for hiding the error but you will face errors while making a development build or apk of the app. Following steps helped me solve the issue:

1. Search for xml2js in package-lock.json file

2. You will find xml2js version like this

   "xml2js" : "0.4.23"

You need to replace 0.4.23 by 0.5.0

`"xml2js" : "0.5.0"`

3. Run npm install

This will resolve the error.