CVE-2022-21144

Denial of service vulnerability exists in libxmljs in npm/libxmljs

Identifiers

CVE-2022-21144, GHSA-773h-w45w-f2f9

Package Slug

npm/libxmljs

Vulnerability

Denial of service vulnerability exists in libxmljs

Description

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

Affected Versions

All versions before 0.19.8

Solution

Upgrade to version 0.19.8 or above.

Last Modified

2022-05-05

source