Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GHSA-9pgh-qqpf-7wqj] Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom #747

Merged
merged 2 commits into from Oct 17, 2022
Merged

[GHSA-9pgh-qqpf-7wqj] Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom #747

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3802bec
Improve GHSA-9pgh-qqpf-7wqj
bchew Oct 16, 2022
dab9ac0
Improve GHSA-9pgh-qqpf-7wqj
bchew Oct 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 4 additions & 4 deletions advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json
View file
Open in desktop
@@ -1,13 +1,13 @@
{
"schema_version": "1.3.0",
"id": "GHSA-9pgh-qqpf-7wqj",
"modified": "2022-10-11T20:42:57Z",
"modified": "2022-10-17T11:03:29Z",
"published": "2022-10-11T20:42:57Z",
"aliases": [
"CVE-2022-37616"
],
"summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom",
"details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3.\n\n### Patches\nUpdate to `@xmldom/xmldom@0.8.3` or higher or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.\n\n### Workarounds\nNo, if you can not update to v0.8.3, please let us know, we would be able to also provide a patch update for version 0.7.x if required.\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issue/436",
"details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 on 0.8.x and 0.7.6 on 0.7.x.\n\n### Patches\nUpdate to `@xmldom/xmldom@0.7.6` on 0.7.x,`@xmldom/xmldom@0.8.3` or higher or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.\n\n### Workarounds\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issue/436",
"severity": [
{
"type": "CVSS_V3",
Expand All @@ -25,7 +25,7 @@
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
"introduced": "0.8.0"
},
{
"fixed": "0.8.3"
Expand All @@ -47,7 +47,7 @@
"introduced": "0"
},
{
"last_affected": "0.6.0"
"fixed": "0.7.6"
}
]
}
Expand Down