CVE-2022-21144 – libxmljs

Package

Manager: npm
Name: libxmljs
Vulnerable Version: >=0 <0.19.8

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00423 pctl0.61293

Details

Denial of service vulnerability exists in libxmljs libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

Metadata

Created: 2022-05-03T00:00:46Z
Modified: 2022-05-26T19:44:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-773h-w45w-f2f9/GHSA-773h-w45w-f2f9.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-773h-w45w-f2f9
Finding: F184
Auto approve: 1