CVE-2021-21366: Interpretation Conflict

March 12, 2021 (updated February 28, 2023)

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.As a workaround downstream applications can validate the input and reject the maliciously crafted documents.

References

nvd.nist.gov/vuln/detail/CVE-2021-21366

Detect and mitigate CVE-2021-21366 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →