GHSA-f4c9-cqv8-9v98

Source
https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f4c9-cqv8-9v98/GHSA-f4c9-cqv8-9v98.json
Aliases
  • CVE-2021-20066
Published
2022-05-24T17:42:20Z
Modified
2023-11-08T04:04:34.345998Z
Details

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

References

Affected packages

npm / jsdom

Package

Name
jsdom

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
16.5.0

Database specific

{
    "last_known_affected_version_range": "<= 16.4.0"
}