AZL-38671 CVE-2022-39353 affecting package python-tensorboard for versions less than 2.16.2-1
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
DEBIAN-CVE-2022-39353
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
CVE-2022-39353
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
Design/Logic Flaw
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
UBUNTU-CVE-2022-39353
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
CVE-2022-39353
CVE-2022-39353 — The xmldom library’s DOMParser can parse XML with multiple top-level elements, adding multiple root nodes to Document.childNodes without error. This violates the single-root assumption and is the underlying issue that prompted CVE-2022-39299. Affected: xmldom (JavaScript XML DOM ...
CVE-2022-39353
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
@nodecfdi/cfdi-core (>=0.4.1 <=0.5.1) potentially affected by CVE-2022-39353 via @xmldom/xmldom (=0.9.0-beta.11)
@xmldom/xmldom NPM version =0.9.0-beta.11 is affected by a known vulnerability. The following packages have a transitive dependency on @xmldom/xmldom and may be impacted: - @nodecfdi/cfdi-core =0.4.1, =0.5.1 Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...
2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +3897 more potentially affected by CVE-2022-39353 via @xmldom/xmldom (>=0.7.0 <=0.7.6)
@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =1.0.4, =1.0.0, =2.1.0-develop-2ff6c7-mckmjkzz, =2.1.0-renovate-fdebc6-mhg3djx8 - @abcd19/st-grid =3.1.0 - @abdullahceylan/expo-cli =0.2.6 and more Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13074 more potentially affected by CVE-2022-39353 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...
1st-project (=1.0.2), 2d-game-assets (=0.0.1) +9034 more potentially affected by CVE-2022-39353 via @xmldom/xmldom (>=0.8.0 <=0.8.3)
@xmldom/xmldom NPM version =0.8.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =2.1.0, =2.8.6 and more Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...
GHSA-CRH6-FP67-6883 xmldom allows multiple root nodes in a DOM
Impact: xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led ...
xmldom allows multiple root nodes in a DOM
Impact: xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led ...
PT-2022-5710 · Npm +2 · Xmldom +2
Name of the Vulnerable Software and Affected Versions: xmldom versions prior to 0.7.7; xmldom versions prior to 0.8.4; xmldom versions prior to 0.9.0-beta.4. Description: The issue is related to the xmldom module, which is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...
Debian: Security Advisory (DLA-3154-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Prototype Pollution
xmldom is vulnerable to prototype pollution. The vulnerability exists because the copy function in dom.js lacks validation, which allows an attacker to inject malicious properties that add new values to a JavaScript application object prototype, overwriting or contaminating the base object...
GHSA-9PGH-QQPF-7WQJ Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Withdrawn: This advisory has been withdrawn because the maintainers of @xmldom/xmldom and multiple third parties disputed the validity of the issue. Attempts to create or replicate a proof of concept have been unsuccessful. Original Description: Impact: A prototype pollution vulnerability exists in...
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Withdrawn: This advisory has been withdrawn because the maintainers of @xmldom/xmldom and multiple third parties disputed the validity of the issue. Attempts to create or replicate a proof of concept have been unsuccessful. Original Description: Impact: A prototype pollution vulnerability exists in...