Lucene search

[email protected]CVE-2021-21366

HistoryMar 12, 2021 - 5:15 p.m.

CVE-2021-21366

2021-03-1217:15:12

CWE-436

CWE-115

[email protected]

web.nvd.nist.gov

xmldom

javascript

w3c

domparser

xmlserializer

cve-2021-21366

security vulnerability

system identifiers

xml processing

4.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

CPE configuration

Vulners

NVD

xmldomxmldomRange<0.5.0

CPENameOperatorVersion
xmldom_project:xmldomxmldom project xmldomlt0.5.0
debian:debian_linuxdebian debian linuxeq10.0

CPE	Name	Operator	Version
xmldom_project:xmldom	xmldom project xmldom	lt	0.5.0
debian:debian_linux	debian debian linux	eq	10.0

CNA Affected

[
  {
    "vendor": "xmldom",
    "product": "xmldom",
    "versions": [
      {
        "version": "< 0.5.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135

github.com/xmldom/xmldom/releases/tag/0.5.0

github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv

lists.debian.org/debian-lts-announce/2023/01/msg00000.html

www.npmjs.com/package/xmldom

Social References