5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.7%
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level
2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older
do not correctly escape special characters when serializing elements
removed from their ancestor. This may lead to unexpected syntactic changes
during XML processing in some downstream applications. This issue has been
resolved in version 0.7.0. As a workaround downstream applications can
validate the input and reject the maliciously crafted documents.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | node-xmldom | < any | UNKNOWN |
ubuntu | 23.10 | noarch | node-xmldom | < any | UNKNOWN |
ubuntu | 24.04 | noarch | node-xmldom | < any | UNKNOWN |
github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
launchpad.net/bugs/cve/CVE-2021-32796
mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
nvd.nist.gov/vuln/detail/CVE-2021-32796
security-tracker.debian.org/tracker/CVE-2021-32796
www.cve.org/CVERecord?id=CVE-2021-32796
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.7%