CVE-2022-21144

Exploit

EPSS 0.18%
Veröffentlicht 01.05.2022 16:15:07
Zuletzt bearbeitet 21.11.2024 06:43:58
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libxmljs Project ≫ Libxmljs SwPlatformnode.js Version < 0.19.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.402

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/libxmljs/libxmljs/commit/2501807bde9b38cfaed06d1e140487516d91379d

Patch

Third Party Advisory

https://github.com/libxmljs/libxmljs/pull/594

Patch

Third Party Advisory

https://snyk.io/vuln/SNYK-JS-LIBXMLJS-2348756

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-21144

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21144

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21144

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-21144