Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Misinterpretation of malicious XML input
Vulnerability Description
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
解释冲突
Vulnerability Title
XMLDOM 安全漏洞
Vulnerability Description
XMLDOM是jindw个人开发者的一个 W3C DOM for Node 的 JavaScript 实现。 XMLDOM 0.4.0及更早版本存在安全漏洞,该漏洞源于没有正确地保留系统标识符、fis或名称空间。
CVSS Information
N/A
Vulnerability Type
N/A