libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces()
function (which invokes XmlNode::get_local_namespaces()
) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.
{ "nvd_published_at": "2024-05-02T19:15:06Z", "cwe_ids": [ "CWE-843" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-05-03T20:24:18Z" }