CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 44.2%
xmldom is vulnerable to prototype pollution. The vulnerability exists because of a lack of validation in the copy function in dom.js, which allows an attacker to inject malicious properties that add new values to a JavaScript application's object prototype, overwriting or contaminating the base object.
users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf
dl.acm.org/doi/abs/10.1145/3488932.3497769
dl.acm.org/doi/pdf/10.1145/3488932.3497769
github.com/advisories/GHSA-9pgh-qqpf-7wqj
github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1
github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3
github.com/xmldom/xmldom/commit/1f20aee8ef1a8f3964add1a188f723bbc54862a0
github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd
github.com/xmldom/xmldom/commit/7c0d4b7fbf74079060a2f135a369adeeccaf4b18
github.com/xmldom/xmldom/issues/436
github.com/xmldom/xmldom/issues/436#issuecomment-1319412826
github.com/xmldom/xmldom/issues/436#issuecomment-1327776560
github.com/xmldom/xmldom/pull/437
github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
lists.debian.org/debian-lts-announce/2022/10/msg00023.html