Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-9pgh-qqpf-7wqj] Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom #747

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"schema_version": "1.3.0",
"id": "GHSA-9pgh-qqpf-7wqj",
"modified": "2022-10-11T20:42:57Z",
"modified": "2022-10-17T11:03:29Z",
"published": "2022-10-11T20:42:57Z",
"aliases": [
"CVE-2022-37616"
],
"summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom",
"details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3.\n\n### Patches\nUpdate to `@xmldom/xmldom@0.8.3` or higher or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.\n\n### Workarounds\nNo, if you can not update to v0.8.3, please let us know, we would be able to also provide a patch update for version 0.7.x if required.\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issue/436",
"details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 on 0.8.x and 0.7.6 on 0.7.x.\n\n### Patches\nUpdate to `@xmldom/xmldom@0.7.6` on 0.7.x,`@xmldom/xmldom@0.8.3` or higher or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.\n\n### Workarounds\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issue/436",
"severity": [
{
"type": "CVSS_V3",
Expand All @@ -25,7 +25,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
"introduced": "0.8.0"
},
{
"fixed": "0.8.3"
Expand All @@ -47,7 +47,7 @@
"introduced": "0"
},
{
"last_affected": "0.6.0"
"fixed": "0.7.6"
}
]
}
Expand Down