CVE-2022-21144

Published May 1st, 2022

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

libxmljs/libxmljs

NodeJS bindings for libxml2 written in Typescript

GitHub

1.06K