You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Critical severity
GitHub Reviewed
Published
Oct 11, 2022
in
xmldom/xmldom
•
Updated Feb 2, 2023
Withdrawn
This advisory was withdrawn on Nov 8, 2022
This advisory has been withdrawn because the maintainers of @xmldom/xmldom and multiple third parties disputed the validity of the issue. Attempts to create or replicate a proof of concept have been unsuccessful.
Original Description
Impact
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.
Patches
Update to @xmldom/xmldom@~0.7.6, @xmldom/xmldom@~0.8.3 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.2 (dist-tag next).
secdevlpr26 Analyst
bchew Analyst
tzimmermann Analyst
mrtc0 Analyst
karfau Analyst
Withdrawn
This advisory has been withdrawn because the maintainers of
@xmldom/xmldomand multiple third parties disputed the validity of the issue. Attempts to create or replicate a proof of concept have been unsuccessful.Original Description
Impact
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.
Patches
Update to
@xmldom/xmldom@~0.7.6,@xmldom/xmldom@~0.8.3(dist-taglatest) or@xmldom/xmldom@>=0.9.0-beta.2(dist-tagnext).Workarounds
None
References
xmldom/xmldom#437
For more information
If you have any questions or comments about this advisory:
References