libxmljs@0.19.8 vulnerabilities

libxml bindings for v8 javascript engine

Direct Vulnerabilities

Known vulnerabilities in the libxmljs package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Type Confusion (severity: H)

libxmljs provides libxml bindings for the V8 JavaScript engine.

Affected versions of this package are vulnerable to Type Confusion when parsing specially crafted XML while invoking the namespaces() function, which invokes the _wrap__xmlNode_nsDef_get() function on a grand-child of a node that refers to an entity. An attacker can cause a denial of service or execute arbitrary code by parsing a specially crafted XML document.

How to fix Type Confusion?

There is no fixed version for libxmljs.

Vulnerable versions: *
  • Remote Code Execution (RCE) (severity: H)

libxmljs provides libxml bindings for the V8 JavaScript engine.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) when parsing specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. An attacker can cause a denial of service, a data leak, an infinite loop, and arbitrary code execution on 32-bit systems with the XML_PARSE_HUGE flag enabled by submitting a malicious XML document.

How to fix Remote Code Execution (RCE)?

There is no fixed version for libxmljs.

Vulnerable versions: *