237 matches found
AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
DEBIAN-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
Sql injection
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
UBUNTU-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
XMLDOM 安全漏洞
XMLDOM is a JavaScript implementation of the W3C DOM for Node by the individual developer jindw. A security vulnerability exists in XMLDOM versions prior to 0.8.3, which stems from the discovery that the p variable of the copy function of the dom.js of the XMLDOM package contains a prototype...
CVE-2022-37616
CVE-2022-37616: The xmldom package (@xmldom/xmldom) for Node.js contains a prototype pollution flaw in dom.js: the copy function can pollute Object.prototype via the p variable, affecting all versions prior to 0.8.3. This vulnerability is rated with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (b...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
PT-2022-24028 · Npm +2 · @Xmldom/Xmldom +2
Name of the Vulnerable Software and Affected Versions: @xmldom/xmldom versions prior to 0.8.3 Description: A prototype pollution vulnerability exists in the function copy in dom.js via the p variable. This issue is disputed by the vendor and some third parties, with attempts to create a proof of...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
Misinterpretation of malicious XML input
Overview Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.7.0 see issue 271 for the stat...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13074 more potentially affected by CVE-2021-32796 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2021-32796 Source advisory: OSV:GHSA-5FG8-2547-MR8Q...
GHSA-5FG8-2547-MR8Q Misinterpretation of malicious XML input
Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to one of the fixed versions of @xmldom/xmld...
CVE-2021-32796
A flaw was found in nodejs-xmldom. The xmldom library is an open-source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Xmldom does not correctly escape special characters when serializing elements removed from their ancestor. This flaw may lead to...
XML Injection
xmldom is vulnerable to XML injection. The library correctly escapes special characters when serializing elements removed from their ancestor, potentially leading to unexpected syntactic changes during XML processing...
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...