CVE-2021-21366 #215

OlivierB-OB · 2021-03-15T09:47:00Z

Hi,

A vulnerability has been reported on xmldom

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.

GHSA-h6q6-9hqw-rwfv

OlivierB-OB · 2021-03-31T10:54:48Z

Hi @dbashford ,

I'm wondering... any particular reason your specifying exact dependencies versions from your package.json?
Allowing any compatible version would make your library forward compatible with these kind of fixes...

prafullkulkarni · 2021-04-26T06:43:56Z

Hi @dbashford
Did you get chance to look into it and have an update?

prafullkulkarni · 2021-06-07T05:11:23Z

Hi @dbashford
Did you get chance to look into it and have an update?

prafullkulkarni · 2021-09-14T06:27:49Z

Hi @dbashford
Any update on this issue?

prafullkulkarni · 2021-10-08T09:43:09Z

Hi @dbashford
Any specific reason, there is no update on this issue?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2021-21366 #215

CVE-2021-21366 #215

OlivierB-OB commented Mar 15, 2021

OlivierB-OB commented Mar 31, 2021

prafullkulkarni commented Apr 26, 2021

prafullkulkarni commented Jun 7, 2021

prafullkulkarni commented Sep 14, 2021

prafullkulkarni commented Oct 8, 2021

CVE-2021-21366 #215

CVE-2021-21366 #215

Comments

OlivierB-OB commented Mar 15, 2021

OlivierB-OB commented Mar 31, 2021

prafullkulkarni commented Apr 26, 2021

prafullkulkarni commented Jun 7, 2021

prafullkulkarni commented Sep 14, 2021

prafullkulkarni commented Oct 8, 2021