2 matches found
1k-tasks (>=3.1.0 <=3.6.1), @adobe/helix-deploy (>=9.0.19 <=9.3.7) +433 more potentially affected by CVE-2026-27606 via rollup (>=3.0.0 <=3.2.5)
rollup NPM version =3.0.0, =3.1.0, =9.0.19, =6.0.3, =0.6.0, =12.0.0, =0.0.3, =1.6.3, =3.2.1, =0.1.0, =0.0.4, =3.0.1-canary.8, =3.0.1-canary.12 - @clairview/api =23.1.0 - @clairview/extensions-sdk =12.1.1 and more Source cves: CVE-2026-27606 Source advisory: OSV:GHSA-MW96-CPMX-2VGC...
Design/Logic Flaw
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...