GHSA-78h3-pg4x-j8cv

Опубликовано: 02 мая 2024

Источник: github

Github: Прошло ревью

CVSS4: 9.2

CVSS3: 8.1

Описание

libxmljs2 vulnerable to type confusion when parsing specially crafted XML

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

Ссылки

Пакеты

Наименование

libxmljs2

npm

Затронутые версииВерсия исправления

<= 0.35.0

Отсутствует

EPSS

Процентиль: 87%

0.0326

Низкий

9.2 Critical

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-34394

Дефекты

CWE-843

Связанные уязвимости

CVE-2024-34394

CVSS3: 8.1

nvd

почти 2 года назад

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

EPSS

Процентиль: 87%

0.0326

Низкий

9.2 Critical

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2024-34394

Дефекты

CWE-843