You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
Vulnerable Library - libxmljs2-0.33.0.tgz
Library home page: https://registry.npmjs.org/libxmljs2/-/libxmljs2-0.33.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/libxmljs2/package.json
Found in HEAD commit: b17520d49acc97f4f5e90502a4a3e6e92b092ddc
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-34394
Vulnerable Library - libxmljs2-0.33.0.tgz
Library home page: https://registry.npmjs.org/libxmljs2/-/libxmljs2-0.33.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/libxmljs2/package.json
Dependency Hierarchy:
Found in HEAD commit: b17520d49acc97f4f5e90502a4a3e6e92b092ddc
Found in base branch: master
Vulnerability Details
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.
Publish Date: 2024-05-02
URL: CVE-2024-34394
CVSS 3 Score Details (8.1)
Base Score Metrics:
Step up your Open Source Security Game with Mend here
CVE-2024-34393
Vulnerable Library - libxmljs2-0.33.0.tgz
Library home page: https://registry.npmjs.org/libxmljs2/-/libxmljs2-0.33.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/libxmljs2/package.json
Dependency Hierarchy:
Found in HEAD commit: b17520d49acc97f4f5e90502a4a3e6e92b092ddc
Found in base branch: master
Vulnerability Details
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
Publish Date: 2024-05-02
URL: CVE-2024-34393
CVSS 3 Score Details (8.1)
Base Score Metrics:
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: