Impact
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.
Please be aware that every attempt to provide a working exploit has failed, and we are in the process of marking this report as invalid.
Patches
Update to @xmldom/xmldom@~0.7.6, @xmldom/xmldom@~0.8.3 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.2 (dist-tag next).
Workarounds
None
References
#437
For more information
If you have any questions or comments about this advisory: