PT-2021-6454 · Xmldom+1

Karfau · Published 2021-07-10 · Updated 2022-04-25 · CVE-2021-32796

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

xmldom versions 0.6.0 and older

Description

The issue is related to the incorrect filtering of special characters in the XML DOM implementation. This may lead to unexpected syntactic changes during XML processing in some downstream applications. The problem has been resolved in version 0.7.0. As a workaround, downstream applications can validate the input and reject maliciously crafted documents.

Recommendations

For versions 0.6.0 and older, update to version 0.7.0 or newer to resolve the issue. As a temporary workaround, consider validating the input and rejecting maliciously crafted documents in downstream applications.

Fix

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

BDU:2022-01661
CVE-2021-32796
GHSA-5FG8-2547-MR8Q

Affected Products

Debian
Xmldom