libxmljs@1.0.9 vulnerabilities

libxml bindings for v8 javascript engine

latest version

1.0.11
first published

13 years ago
latest version published

a year ago
licenses detected
- MIT
  >=0
View libxmljs package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the libxmljs package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Type Confusion libxmljs is a libxml bindings for v8 javascript engine Affected versions of this package are vulnerable to Type Confusion when parsing a specially crafted XML while invoking the namespaces() function, which invokes `_wrap__xmlNode_nsDef_get()` function on a grand-child of a node that refers to an entity. An attacker can cause a denial of service or execute arbitrary code by parsing a specially crafted XML document. How to fix Type Confusion? There is no fixed version for `libxmljs`.	*
H Remote Code Execution (RCE) libxmljs is a libxml bindings for v8 javascript engine Affected versions of this package are vulnerable to Remote Code Execution (RCE) when parsing a specially crafted XML while invoking a function on the result of `attrs()` that was called on a parsed node. An attacker can cause denial of service, data leak, infinite loop, and execute arbitrary code on 32-bit systems with the `XML_PARSE_HUGE` flag enabled by submitting a malicious XML document. How to fix Remote Code Execution (RCE)? There is no fixed version for `libxmljs`.	*

Type Confusion

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Type Confusion when parsing a specially crafted XML while invoking the namespaces() function, which invokes _wrap__xmlNode_nsDef_get() function on a grand-child of a node that refers to an entity. An attacker can cause a denial of service or execute arbitrary code by parsing a specially crafted XML document.

How to fix Type Confusion?

There is no fixed version for libxmljs.

Remote Code Execution (RCE)

libxmljs is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Remote Code Execution (RCE) when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. An attacker can cause denial of service, data leak, infinite loop, and execute arbitrary code on 32-bit systems with the XML_PARSE_HUGE flag enabled by submitting a malicious XML document.

How to fix Remote Code Execution (RCE)?

There is no fixed version for libxmljs.

Go back to all versions of this package

libxmljs@1.0.9 vulnerabilities

libxml bindings for v8 javascript engine

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities