CVE-2021-32796 (Medium) detected in xmldom-0.1.31.tgz #312
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-32796 - Medium Severity Vulnerability
A W3C Standard XML DOM(Level2 CORE) implementation and parser(DOMParser/XMLSerializer).
Library home page: https://registry.npmjs.org/xmldom/-/xmldom-0.1.31.tgz
Dependency Hierarchy:
Found in HEAD commit: 16df54b5db88f4c8b21295a7ded5e65ec8446eaa
Found in base branch: main
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
Publish Date: 2021-07-27
URL: CVE-2021-32796
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-5fg8-2547-mr8q
Release Date: 2021-07-27
Fix Resolution: @xmldom/xmldom - 0.7.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: