GHSA-773h-w45w-f2f9

Suggest an improvement
Source
https://github.com/advisories/GHSA-773h-w45w-f2f9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-773h-w45w-f2f9/GHSA-773h-w45w-f2f9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-773h-w45w-f2f9
Aliases
Published
2022-05-03T00:00:46Z
Modified
2025-01-14T10:27:09.168309Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of service vulnerability exists in libxmljs
Details

libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

Database specific 
{
    "nvd_published_at": "2022-05-01T16:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed_at": "2022-05-04T14:48:04Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

npm / libxmljs

Package

Name
libxmljs
View open source insights on deps.dev
Purl
pkg:npm/libxmljs

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.19.8