Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xmldom allows multiple root nodes in a DOM
Vulnerability Description
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
XMLDOM 输入验证错误漏洞
Vulnerability Description
XMLDOM是jindw个人开发者的一个 W3C DOM for Node 的 JavaScript 实现。 XMLDOM 存在安全漏洞,该漏洞源于xmldom包含多个顶级元素,并将所有根节点添加到“Document”的“childNodes”集合中,但却不报告任何错误。
CVSS Information
N/A
Vulnerability Type
N/A