diff --git a/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json b/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json
index 593918eeced8d..51281410f0845 100644
--- a/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json
+++ b/advisories/github-reviewed/2022/10/GHSA-9pgh-qqpf-7wqj/GHSA-9pgh-qqpf-7wqj.json
@@ -1,34 +1,31 @@
 {
 "schema_version": "1.3.0",
 "id": "GHSA-9pgh-qqpf-7wqj",
- "modified": "2022-10-18T21:46:48Z",
+ "modified": "2022-11-08T18:05:14Z",
 "published": "2022-10-11T20:42:57Z",
 "aliases": [
 "CVE-2022-37616"
 ],
 "summary": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom",
- "details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.6`, `@xmldom/xmldom@~0.8.3` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.2` (dist-tag `next`).\n\n### Workarounds\nNone\n### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.6`, `@xmldom/xmldom@~0.8.3` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.2` (dist-tag `next`).\n\n### Workarounds\nNone\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issues/436\n",
+ "details": "### Impact\nA prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.\n**Please be aware that every attempt to provide an exploit, was not able to and we are in the process of marking this report as invalid.**\n\n### Patches\nUpdate to `@xmldom/xmldom@~0.7.6`, `@xmldom/xmldom@~0.8.3` (dist-tag `latest`) or `@xmldom/xmldom@>=0.9.0-beta.2` (dist-tag `next`).\n\n### Workarounds\nNone\n\n### References\nhttps://github.com/xmldom/xmldom/pull/437\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@xmldom.org\n* Add information to https://github.com/xmldom/xmldom/issues/436\n",
 "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
- }
+
 ],
 "affected": [
 {
 "package": {
 "ecosystem": "npm",
- "name": "@xmldom/xmldom"
+ "name": "xmldom"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0.8.0"
+ "introduced": "0"
 },
 {
- "fixed": "0.8.3"
+ "last_affected": "0.6.0"
 }
 ]
 }
@@ -37,20 +34,23 @@
 {
 "package": {
 "ecosystem": "npm",
- "name": "xmldom"
+ "name": "@xmldom/xmldom"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "0.9.0-beta.1"
 },
 {
- "last_affected": "0.6.0"
+ "fixed": "0.9.0-beta.2"
 }
 ]
 }
+ ],
+ "versions": [
+ "0.9.0-beta.1"
 ]
 },
 {
@@ -63,16 +63,13 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0.9.0-beta.1"
+ "introduced": "0.8.0"
 },
 {
- "fixed": "0.9.0-beta.2"
+ "fixed": "0.8.3"
 }
 ]
 }
- ],
- "versions": [
- "0.9.0-beta.1"
 ]
 },
 {
@@ -137,7 +134,7 @@
 "cwe_ids": [
 "CWE-1321"
 ],
- "severity": "CRITICAL",
+ "severity": "LOW",
 "github_reviewed": true
 }
 }
\ No newline at end of file
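Review bot: The `severity` array in the first hunk is emptied but left holding a blank line, so the record no longer carries any CVSS vector while the last hunk lowers the label next to `cwe_ids` from `CRITICAL` to `LOW`; consumers that rank advisories by the vector will see this entry as unscored rather than low. If the intent is to publish no vector, write it as `"severity": [],`; if a low rating is intended, a matching `CVSS_V3` entry would keep the two fields consistent. The sentence added to `details` is also hard to parse; something like `**Please be aware that no attempt to produce a working exploit has succeeded, and we are in the process of marking this report as invalid.**` says what seems to be meant. The affected ranges are only reordered in the hunks shown, so scanners will keep flagging the same versions while the report is disputed, which is worth stating in `details` for anyone triaging the alert.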