📂 Vulnerable Library - libxmljs-0.19.10.tgz
libxml bindings for v8 javascript engine
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/libxmljs/package.json
Findings
Details
🟣CVE-289561-266276
Vulnerable Library - inherits-2.0.4.tgz
Browser-friendly inheritance fully compatible with standard node.js inherits()
Library home page: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/inherits/package.json
Dependency Hierarchy:
- csurf-1.11.0.tgz (Root Library)
  - http-errors-1.7.3.tgz
    - ❌ inherits-2.0.4.tgz (Vulnerable Library)
- libxmljs-0.19.10.tgz (Root Library)
  - node-pre-gyp-1.0.11.tgz
    - npmlog-5.0.1.tgz
      - are-we-there-yet-2.0.0.tgz
        - readable-stream-3.6.2.tgz
          - ❌ inherits-2.0.4.tgz (Vulnerable Library)
- bcrypt-1.0.3.tgz (Root Library)
  - node-pre-gyp-0.6.36.tgz
    - tar-pack-3.4.1.tgz
      - readable-stream-2.3.8.tgz
        - ❌ inherits-2.0.4.tgz (Vulnerable Library)
- express-fileupload-0.4.0.tgz (Root Library)
  - busboy-0.2.14.tgz
    - readable-stream-1.1.14.tgz
      - ❌ inherits-2.0.4.tgz (Vulnerable Library)
- express-4.21.2.tgz (Root Library)
  - send-0.19.0.tgz
    - http-errors-2.0.0.tgz
      - ❌ inherits-2.0.4.tgz (Vulnerable Library)
- winston-3.18.3.tgz (Root Library)
  - winston-transport-4.9.0.tgz
    - readable-stream-3.6.2.tgz
      - ❌ inherits-2.0.4.tgz (Vulnerable Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-289561-266276
Threat Assessment
Exploit Maturity: N/A
EPSS: N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution:
🟣CVE-398484-724968
Vulnerable Library - ms-2.1.3.tgz
Tiny millisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/send/node_modules/ms/package.json
Dependency Hierarchy:
- libxmljs-0.19.10.tgz (Root Library)
  - node-pre-gyp-1.0.11.tgz
    - https-proxy-agent-5.0.1.tgz
      - debug-4.4.3.tgz
        - ❌ ms-2.1.3.tgz (Vulnerable Library)
- sequelize-4.44.4.tgz (Root Library)
  - debug-3.2.7.tgz
    - ❌ ms-2.1.3.tgz (Vulnerable Library)
- express-4.21.2.tgz (Root Library)
  - send-0.19.0.tgz
    - ❌ ms-2.1.3.tgz (Vulnerable Library)
- winston-3.18.3.tgz (Root Library)
  - logform-2.7.0.tgz
    - ❌ ms-2.1.3.tgz (Vulnerable Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-398484-724968
Threat Assessment
Exploit Maturity: N/A
EPSS: N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution:
🟣CVE-495493-603164
Vulnerable Library - delegates-1.0.0.tgz
delegate methods and accessors to another property
Library home page: https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/delegates/package.json
Dependency Hierarchy:
- libxmljs-0.19.10.tgz (Root Library)
- bcrypt-1.0.3.tgz (Root Library)
Vulnerability Details
Created automatically by the test suite
Publish Date: Jun 07, 2010 05:12 PM
URL: CVE-495493-603164
Threat Assessment
Exploit Maturity: N/A
EPSS: N/A
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution:
🟣CVE-2024-34391
Vulnerable Library - libxmljs-0.19.10.tgz
libxml bindings for v8 javascript engine
Library home page: https://registry.npmjs.org/libxmljs/-/libxmljs-0.19.10.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/libxmljs/package.json
Dependency Hierarchy:
- ❌ libxmljs-0.19.10.tgz (Vulnerable Library)
Reachability Analysis
This vulnerability is potentially reachable:
- dvna-0.0.1/core/appHandler.js (Application)
- libxmljs-0.19.10/index.js (Extension)
-> ❌ libxmljs-0.19.10/lib/document.js (Vulnerable Component)
Vulnerability Details
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
Publish Date: May 02, 2024 06:54 PM
URL: CVE-2024-34391
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 3.2%
Score: 9.2
Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/CVE-2024-34391
Release Date: May 02, 2024 06:54 PM
Fix Resolution: https://github.com/libxmljs/libxmljs.git - no_fix, libxmljs - no_fix