CVE-2021-20066: Insufficient Granularity of Access Control in JSDom

May 24, 2022 (updated June 22, 2022)

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

References

github.com/advisories/GHSA-f4c9-cqv8-9v98
github.com/jsdom/jsdom/issues/3124
nvd.nist.gov/vuln/detail/CVE-2021-20066
www.tenable.com/security/research/tra-2021-05

Code Behaviors & Features

Detect and mitigate CVE-2021-20066 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →