CVE-2021-21366

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions xmldom versions 0.4.0 and older

Description The issue arises when xmldom versions 0.4.0 and older fail to correctly preserve system identifiers, FPIs, or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications.

Recommendations For versions 0.4.0 and older, update to version 0.5.0. As a temporary workaround, downstream applications can validate the input and reject the maliciously crafted documents.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-436CWE-115

Related Identifiers

CVE-2021-21366

DLA-3260-1

GHSA-H6Q6-9HQW-RWFV

USN-6102-1

Affected Products

Linuxmint

Ubuntu

Xmldom

CVE-2021-21366

Weakness Enumeration

Related Identifiers

Affected Products

References · 22