Описание
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
A flaw was found in nodejs-xmldom. The xmldom library is an open-source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Xmldom does not correctly escape special characters when serializing elements removed from their ancestor. This flaw may lead to unexpected syntactic changes during XML processing in some downstream applications. Invalid processing of XML documents could lead to a loss of confidentiality or integrity of data in the application using the vulnerable library.
Меры по смягчению последствий
Applications using the vulnerable version of xmldom should properly validate the inputs and reject maliciously formed documents.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Not affected | ||
| Red Hat Fuse 7 | syndesis | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...
Уязвимость реализации XML DOM XMLDOM, связанная с недостатком механизма кодирование или экранирование выходных данных, позволяющая нарушителю оказать воздействие на целостность данных
6.5 Medium
CVSS3