Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XMLDOM 安全漏洞
Vulnerability Description
XMLDOM是jindw个人开发者的一个 W3C DOM for Node 的 JavaScript 实现。 XMLDOM 0.8.3之前版本存在安全漏洞,该漏洞源于XMLDOM包的dom.js的copy函数的p变量发现包含原型污染漏洞。
CVSS Information
N/A
Vulnerability Type
N/A