CVE-2022-37616: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
(updated )
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.
References
- github.com/advisories/GHSA-9pgh-qqpf-7wqj
- github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js
- github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js
- github.com/xmldom/xmldom/issues/436
- github.com/xmldom/xmldom/pull/437
- github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
- nvd.nist.gov/vuln/detail/CVE-2022-37616
Code Behaviors & Features
Detect and mitigate CVE-2022-37616 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →