libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs()
that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XMLPARSEHUGE flag enabled).
{ "nvd_published_at": "2024-05-02T19:15:06Z", "cwe_ids": [ "CWE-843" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-05-03T20:24:29Z" }