CVE-2022-37616
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."
| Vendor | n/a |
| Product | n/a |
| Published | Oct 11, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new unknown vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
github.com: https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1 github.com: https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3 github.com: https://github.com/xmldom/xmldom/issues/436 github.com: https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj lists.debian.org: https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html dl.acm.org: https://dl.acm.org/doi/abs/10.1145/3488932.3497769 dl.acm.org: https://dl.acm.org/doi/pdf/10.1145/3488932.3497769 users.encs.concordia.ca: http://users.encs.concordia.ca/~mmannan/publications/JS-vulnerability-aisaccs2022.pdf github.com: https://github.com/xmldom/xmldom/issues/436#issuecomment-1319412826 github.com: https://github.com/xmldom/xmldom/issues/436#issuecomment-1327776560