GHSA-6433-x5p4-8jc7

Опубликовано: 02 мая 2024

Источник: github

Github: Прошло ревью

CVSS4: 9.2

CVSS3: 8.1

Описание

libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).

Ссылки

Пакеты

Наименование

libxmljs

npm

Затронутые версииВерсия исправления

<= 1.0.11

Отсутствует

EPSS

Процентиль: 87%

0.03183

Низкий

9.2 Critical

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-34391

Дефекты

CWE-843

Связанные уязвимости

CVE-2024-34391

CVSS3: 8.1

nvd

почти 2 года назад

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).

EPSS

Процентиль: 87%

0.03183

Низкий

9.2 Critical

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-34391

Дефекты

CWE-843