CVE-2022-21144

Published: May 1, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

Affected (1)

Products: Libxmljs Project: Libxmljs

Libxmljs Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libxmljs Project Libxmljs	Before 0.19.8

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://github.com/libxmljs/libxmljs/commit/2501807bde9b38cfaed06d1e140487516d91379d

Source: report@snyk.io

PatchThird Party Advisory

https://github.com/libxmljs/libxmljs/pull/594

Source: report@snyk.io

PatchThird Party Advisory

https://snyk.io/vuln/SNYK-JS-LIBXMLJS-2348756

Source: report@snyk.io

ExploitThird Party Advisory

https://github.com/libxmljs/libxmljs/commit/2501807bde9b38cfaed06d1e140487516d91379d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/libxmljs/libxmljs/pull/594

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://snyk.io/vuln/SNYK-JS-LIBXMLJS-2348756

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.