@xmldom/xmldom@0.7.6 vulnerabilities
A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.
-
latest version
0.8.10
-
latest non vulnerable version
-
first published
3 years ago
-
latest version published
9 months ago
Direct Vulnerabilities
Known vulnerabilities in the @xmldom/xmldom package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Improper Input Validation due to parsing XML that is not well-formed, and contains multiple top-level elements. All the root nodes are being added to the How to fix Improper Input Validation? Upgrade |
<0.7.7
>=0.8.0 <0.8.4
>=0.9.0-beta.1 <0.9.0-beta.4
|