Search CVE reports
1 – 4 of 4 results
CVE-2022-39353
Medium prioritySome fixes available 3 of 6
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to...
1 affected package
node-xmldom
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-xmldom | Needs evaluation | Fixed | Fixed | Not in release | Ignored |
CVE-2022-37616
Medium priorityA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking...
1 affected package
node-xmldom
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-xmldom | — | Fixed | Fixed | Not in release | Ignored |
CVE-2021-32796
Low priorityxmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed...
1 affected package
node-xmldom
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-xmldom | Needs evaluation | Not affected | Vulnerable | Not in release | Ignored |
CVE-2021-21366
Medium prioritySome fixes available 1 of 4
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and...
1 affected package
node-xmldom
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| node-xmldom | — | Not affected | Fixed | Not in release | Not in release |