libxmljs@0.18.8 vulnerabilities

libxml bindings for v8 javascript engine

Direct Vulnerabilities

Known vulnerabilities in the libxmljs package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Denial of Service (DoS), severity H

libxmljs provides libxml bindings for the V8 JavaScript engine.

Affected versions of this package are vulnerable to Denial of Service (DoS). When the libxmljs.parseXml function is invoked with a non-buffer argument, the V8 code attempts to invoke the .toString method of the argument. If the argument's toString value is not a Function object, V8 will crash.

PoC:


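  // toString is a number rather than a function, so the attempt to
  // call it crashes V8 on affected versions.
  let libxmljs = require("libxmljs");
  let xml = { toString: 1 };
  libxmljs.parseXml(xml);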

How to fix Denial of Service (DoS)?

Upgrade libxmljs to version 0.19.8 or higher.

Vulnerable versions: <0.19.8
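
An added example, not from the advisory or the libxmljs project: a type guard that keeps non-string, non-Buffer values (such as the JSON-decoded object shape in the PoC) away from the parser, plus a check for whether an installed version falls in the affected range. The names guardXmlInput and isAffectedVersion are hypothetical, and the parser is passed in as a parameter so the demo runs with a stand-in instead of libxmljs.

```javascript
// Added example; guardXmlInput and isAffectedVersion are hypothetical names.
// The parser is injected: pass libxmljs.parseXml in an application.

// Wrap a parser so only strings and Buffers ever reach it.
function guardXmlInput(parseXml) {
  return function safeParseXml(input, ...rest) {
    if (typeof input !== "string" && !Buffer.isBuffer(input)) {
      const kind = input === null ? "null" : typeof input;
      throw new TypeError(`XML input must be a string or Buffer, got ${kind}`);
    }
    return parseXml(input, ...rest);
  };
}

// True when an x.y.z version string is below the fixed release 0.19.8.
function isAffectedVersion(version) {
  const fixed = [0, 19, 8];
  const parts = String(version).split(".").map((p) => parseInt(p, 10));
  for (let i = 0; i < fixed.length; i++) {
    const n = Number.isInteger(parts[i]) ? parts[i] : 0;
    if (n !== fixed[i]) return n < fixed[i];
  }
  return false;
}

// Demo with a stand-in parser (assumption: it only records what it was given).
function demo() {
  const seen = [];
  const safeParse = guardXmlInput((xml) => { seen.push(String(xml)); return true; });
  // Constructed inputs: a string, a Buffer, and a JSON-decoded object whose
  // toString property is a number, the shape used in the advisory's PoC.
  const inputs = ["<a/>", Buffer.from("<b/>"), JSON.parse('{"toString": 1}')];
  const rejected = [];
  inputs.forEach((input, i) => {
    try {
      safeParse(input);
    } catch (e) {
      if (e instanceof TypeError) rejected.push(i);
      else throw e;
    }
  });
  return { seen, rejected };
}

console.log(demo(), isAffectedVersion("0.18.8"));
```

The guard is defence in depth for call sites that receive decoded request data; upgrading to 0.19.8 or higher remains the fix.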