CVE-2022-21144

Name of the Vulnerable Software and Affected Versions libxmljs versions all

Description The issue arises when the libxmljs.parseXml function is invoked with a non-buffer argument. In such cases, the V8 code attempts to call the toString method of the argument. If the argument's toString value is not a Function object, V8 will crash. This is a problem related to the libxmljs package, which provides libxml bindings for the V8 JavaScript engine.

Recommendations For all versions of libxmljs, as a temporary workaround, consider avoiding the use of the libxmljs.parseXml function with non-buffer arguments until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.