JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
{ "last_known_affected_version_range": "<= 16.4.0" }