@xmldom/xmldom · CVE-2026-41673
**Name of the Vulnerable Software and Affected Versions**
@xmldom/xmldom versions prior to 0.8.13
@xmldom/xmldom versions prior to 0.9.10
xmldom versions 0.6.0 and earlier
**Description**
Seven recursive traversals in `lib/dom.js` operate without a depth limit. When processing a sufficiently deeply nested DOM tree, the JavaScript call stack is exhausted, resulting in a `RangeError: Maximum call stack size exceeded` and crashing the application. This can lead to a denial of service if a service accepts attacker-controlled XML and performs any of the affected operations.
The affected functions and entry points include:
- `Node.prototype.normalize()`
- `XMLSerializer.serializeToString()`
- `Element.getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, and `getElementById()` (via the `visitNode` function)
- `Node.cloneNode(true)`
- `Document.importNode(node, true)`
- `node.textContent` (getter)
- `Node.isEqualNode(other)`
**Recommendations**
Update @xmldom/xmldom to version 0.8.13 or 0.9.10.
Update xmldom to a version later than 0.6.0.
As a temporary workaround, restrict the use of the affected functions or limit the nesting depth of XML documents before they are processed by the library.
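The workaround above depends on knowing a document's nesting depth before the library ever recurses over it. The following is an added example, not code from the advisory or from the xmldom project: a single-pass, non-recursive scan of the raw XML text that tracks element nesting depth (skipping comments, CDATA sections, processing instructions and the DOCTYPE, and not counting self-closing tags) and rejects input above a configurable limit. The `MAX_DEPTH` value, the function names, and the sample documents are assumptions constructed for the demonstration.

```javascript
// Added example (not part of the advisory or the xmldom project): an
// iterative pre-parse guard that bounds XML element nesting depth before the
// document is handed to any of the recursive DOM operations listed above.

const MAX_DEPTH = 256; // assumption: pick a limit your real documents never need to exceed

// Returns the index of the '>' that closes a tag starting just after '<',
// ignoring '>' characters inside quoted attribute values; -1 if unterminated.
function findTagEnd(xml, from) {
  let quote = null;
  for (let j = from; j < xml.length; j++) {
    const c = xml[j];
    if (quote) {
      if (c === quote) quote = null;
    } else if (c === '"' || c === "'") {
      quote = c;
    } else if (c === '>') {
      return j;
    }
  }
  return -1;
}

// Scans the text once, tracking element nesting depth without building a
// tree, so the check itself cannot overflow the call stack. Returns the
// maximum element depth seen. Malformed or truncated input simply ends the scan.
function xmlMaxNestingDepth(xml) {
  const n = xml.length;
  let depth = 0;
  let max = 0;
  let i = 0;
  while (i < n) {
    const lt = xml.indexOf('<', i);
    if (lt === -1) break;
    if (xml.startsWith('<!--', lt)) {            // comment
      const end = xml.indexOf('-->', lt + 4);
      i = end === -1 ? n : end + 3;
      continue;
    }
    if (xml.startsWith('<![CDATA[', lt)) {       // CDATA section
      const end = xml.indexOf(']]>', lt + 9);
      i = end === -1 ? n : end + 3;
      continue;
    }
    if (xml.startsWith('<?', lt)) {              // processing instruction / XML declaration
      const end = xml.indexOf('?>', lt + 2);
      i = end === -1 ? n : end + 2;
      continue;
    }
    if (xml.startsWith('<!', lt)) {              // DOCTYPE, possibly with an internal subset [...]
      const bracket = xml.indexOf('[', lt);
      const gt = xml.indexOf('>', lt);
      if (gt === -1) break;
      if (bracket !== -1 && bracket < gt) {
        const close = xml.indexOf(']', bracket);
        const end = close === -1 ? -1 : xml.indexOf('>', close);
        i = end === -1 ? n : end + 1;
      } else {
        i = gt + 1;
      }
      continue;
    }
    const gt = findTagEnd(xml, lt + 1);
    if (gt === -1) break;
    if (xml[lt + 1] === '/') {                   // closing tag
      depth = Math.max(0, depth - 1);
    } else if (xml[gt - 1] !== '/') {            // opening tag (self-closing tags do not nest)
      depth++;
      if (depth > max) max = depth;
    }
    i = gt + 1;
  }
  return max;
}

// Throws before any recursive DOM work happens if the document is too deep;
// otherwise returns the measured depth so callers can log or meter it.
function assertNestingDepth(xml, limit = MAX_DEPTH) {
  const depth = xmlMaxNestingDepth(xml);
  if (depth > limit) {
    throw new RangeError(`XML nesting depth ${depth} exceeds limit ${limit}`);
  }
  return depth;
}

// Constructed sample: `levels` nested <a> elements under a declaration and a comment.
function buildNested(levels) {
  return '<?xml version="1.0"?><!-- constructed sample -->' +
    '<a>'.repeat(levels) + 'x' + '</a>'.repeat(levels);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('depth of 10-level sample:', assertNestingDepth(buildNested(10)));
  try {
    assertNestingDepth(buildNested(5000));
  } catch (e) {
    console.log('rejected:', e.message);
  }
}
```

Call `assertNestingDepth(xml)` immediately before `new DOMParser().parseFromString(xml, 'text/xml')` (or whatever entry point your service uses), and treat a thrown `RangeError` as a client error rather than a crash. The scan is intentionally a coarse structural check rather than a full parser: it errs toward counting an extra level on malformed input, which is the safe direction for a guard whose only job is to keep untrusted documents below a depth the recursive traversals can handle.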