NodeJS/jsdom/0.11.0
A JavaScript implementation of many web standards
https://www.npmjs.com/package/jsdom
MIT
1 Security Vulnerabilities
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Published date: 2022-05-24T17:42:20Z
CVE: CVE-2021-20066
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20066
- https://www.tenable.com/security/research/tra-2021-05
- https://github.com/jsdom/jsdom/issues/3124
- https://github.com/advisories/GHSA-f4c9-cqv8-9v98
- https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951
- https://security.snyk.io/vuln/SNYK-JS-JSDOM-1075447
Withdrawn Advisory
This advisory has been withdrawn because the user must configure jsdom to allow access to local files.
Original Description
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
Affected versions:
["0.0.1", "0.1.2", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.1.15", "0.1.16", "0.1.17", "0.1.18", "0.1.19", "0.1.20", "0.1.21", "0.1.22", "0.1.23", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "0.2.18", "0.2.19", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.4.0", "0.4.1", "0.4.2", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.7", "0.8.8", "0.8.9", "0.8.10", "0.8.11", "0.9.0", "0.10.0", "0.10.1", "0.10.2", "0.10.3", "0.10.4", "0.10.5", "0.10.6", "0.11.0", "0.11.1", "1.0.0-pre.1", "1.0.0-pre.3", "1.0.0-pre.4", "1.0.0-pre.5", "1.0.0-pre.6", "1.0.0-pre.7", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.3.1", "1.3.2", "1.4.0", "1.4.1", "1.5.0", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.1.0", "3.1.1", "3.1.2", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.1.0", "4.2.0", "4.3.0", "4.4.0", "4.5.0", "4.5.1", "5.0.0", "5.0.1", "4.5.2", "5.1.0", "5.2.0", "5.3.0", "5.4.0", "5.4.1", "5.4.2", "5.4.3", "5.5.0", "5.6.0", "5.6.1", "6.0.0", "6.0.1", "6.1.0", "6.2.0", "6.3.0", "6.4.0", "6.5.0", "6.5.1", "7.0.0", "7.0.1", "7.0.2", "7.1.0", "7.1.1", "7.2.0", "7.2.1", "7.2.2", "8.0.0-0", "8.0.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4", "8.1.0", "8.2.0", "8.3.0", "8.3.1", "8.4.0", "8.4.1", "8.5.0", "9.0.0", "9.1.0", "9.2.0", "9.2.1", "9.3.0", "9.4.0", "9.4.1", "9.4.2", "9.4.3", "9.4.4", "9.4.5", "9.5.0", "9.6.0", "9.7.0", "9.7.1", "9.8.0", "9.8.1", "9.8.2", "9.8.3", "9.9.0", "9.9.1", "9.10.0", "9.11.0", "9.12.0", "10.0.0", "10.1.0", "11.0.0", "11.1.0", "11.2.0", "11.3.0", "11.4.0", "11.5.1", "11.6.0", "11.6.1", "11.6.2", "11.7.0", "11.8.0", "11.9.0", "11.10.0", "11.11.0", "11.12.0", "12.0.0", 
"12.1.0", "12.2.0", "13.0.0", "13.1.0", "13.2.0", "14.0.0", "14.1.0", "15.0.0", "15.1.0", "15.1.1", "15.2.0", "15.2.1", "16.0.0", "16.0.1", "16.1.0", "16.2.0", "16.2.1", "16.2.2", "16.3.0", "16.4.0"]
Secure versions:
[16.5.0, 16.5.1, 16.5.2, 16.5.3, 16.6.0, 16.7.0, 17.0.0, 18.0.0, 18.0.1, 18.1.0, 18.1.1, 19.0.0, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.1.0, 23.0.0, 23.0.1, 23.1.0, 23.2.0, 24.0.0, 24.1.0, 24.1.1, 24.1.2, 24.1.3, 25.0.0, 25.0.1]
Recommendation:
Update to version 25.0.1.
264 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
0.7.0 | MIT | 1 | 2013-07-04 - 23:32 | over 11 years |
0.6.5 | MIT | 1 | 2013-05-21 - 00:58 | over 11 years |
0.6.4 | MIT | 1 | 2013-05-21 - 00:40 | over 11 years |
0.6.3 | MIT | 1 | 2013-05-16 - 04:36 | over 11 years |
0.6.2 | MIT | 1 | 2013-05-11 - 21:30 | over 11 years |
0.6.1 | MIT | 1 | 2013-05-07 - 02:51 | over 11 years |
0.6.0 | MIT | 1 | 2013-04-15 - 20:05 | over 11 years |
0.5.7 | MIT | 1 | 2013-04-15 - 16:00 | over 11 years |
0.5.6 | MIT | 1 | 2013-04-08 - 01:31 | over 11 years |
0.5.5 | MIT | 1 | 2013-03-29 - 20:35 | over 11 years |
0.5.4 | MIT | 1 | 2013-03-24 - 21:56 | over 11 years |
0.5.3 | MIT | 1 | 2013-03-16 - 23:53 | over 11 years |
0.5.2 | MIT | 1 | 2013-03-10 - 21:47 | over 11 years |
0.5.1 | MIT | 1 | 2013-03-03 - 00:53 | over 11 years |
0.5.0 | MIT | 1 | 2013-02-13 - 04:55 | over 11 years |
0.4.2 | MIT | 1 | 2013-02-13 - 04:32 | over 11 years |
0.4.1 | MIT | 1 | 2013-02-08 - 06:31 | almost 12 years |
0.4.0 | MIT | 1 | 2013-02-06 - 05:03 | almost 12 years |
0.3.4 | MIT | 1 | 2012-12-29 - 06:07 | almost 12 years |
0.3.3 | MIT | 1 | 2012-12-20 - 03:54 | almost 12 years |
0.3.2 | MIT | 1 | 2012-12-16 - 23:41 | almost 12 years |
0.3.1 | MIT | 1 | 2012-12-11 - 06:04 | almost 12 years |
0.3.0 | MIT | 1 | 2012-12-10 - 08:08 | almost 12 years |
0.2.19 | MIT | 1 | 2012-10-27 - 02:42 | about 12 years |
0.2.18 | MIT | 1 | 2012-10-13 - 03:26 | about 12 years |
0.2.17 | MIT | 1 | 2012-10-13 - 00:13 | about 12 years |
0.2.16 | MIT | 1 | 2012-10-12 - 00:33 | about 12 years |
0.2.15 | MIT | 1 | 2012-07-12 - 20:10 | over 12 years |
0.2.14 | MIT | 1 | 2012-04-12 - 22:16 | over 12 years |
0.2.13 | MIT | 1 | 2012-02-28 - 01:42 | over 12 years |
0.2.12 | MIT | 1 | 2012-02-23 - 19:28 | over 12 years |
0.2.11 | MIT | 1 | 2012-02-23 - 16:05 | over 12 years |
0.2.10 | MIT | 1 | 2011-11-21 - 03:29 | almost 13 years |
0.2.9 | MIT | 1 | 2011-11-21 - 03:28 | almost 13 years |
0.2.8 | MIT | 1 | 2011-11-21 - 03:28 | almost 13 years |
0.2.7 | MIT | 1 | 2011-11-21 - 03:28 | almost 13 years |
0.2.6 | MIT | 1 | 2011-11-21 - 03:27 | almost 13 years |
0.2.5 | MIT | 1 | 2011-11-21 - 03:27 | almost 13 years |
0.2.4 | MIT | 1 | 2011-11-21 - 03:23 | almost 13 years |
0.2.3 | MIT | 1 | 2011-11-21 - 03:23 | almost 13 years |
0.2.2 | MIT | 1 | 2011-11-21 - 03:22 | almost 13 years |
0.2.1 | MIT | 1 | 2011-11-21 - 03:22 | almost 13 years |
0.2.0 | MIT | 1 | 2011-11-21 - 03:22 | almost 13 years |
0.1.23 | MIT | 1 | 2011-11-21 - 03:21 | almost 13 years |
0.1.22 | MIT | 1 | 2011-11-21 - 03:20 | almost 13 years |
0.1.21 | MIT | 1 | 2011-11-21 - 03:20 | almost 13 years |
0.1.20 | MIT | 1 | 2011-11-21 - 03:19 | almost 13 years |
0.1.19 | MIT | 1 | 2011-11-21 - 03:19 | almost 13 years |
0.1.18 | MIT | 1 | 2011-11-21 - 03:18 | almost 13 years |
0.1.17 | MIT | 1 | 2011-11-21 - 03:18 | almost 13 years |
0.1.16 | MIT | 1 | 2011-11-21 - 03:17 | almost 13 years |
0.1.15 | MIT | 1 | 2011-11-21 - 03:16 | almost 13 years |
0.1.13 | MIT | 1 | 2011-11-21 - 03:16 | almost 13 years |
0.1.12 | MIT | 1 | 2011-11-21 - 03:15 | almost 13 years |
0.1.11 | MIT | 1 | 2011-11-21 - 03:15 | almost 13 years |
0.1.10 | MIT | 1 | 2011-11-21 - 03:14 | almost 13 years |
0.1.9 | MIT | 1 | 2011-11-21 - 03:13 | almost 13 years |
0.1.8 | MIT | 1 | 2011-11-21 - 03:13 | almost 13 years |
0.1.7 | MIT | 1 | 2011-11-21 - 03:12 | almost 13 years |
0.1.6 | MIT | 1 | 2011-11-21 - 03:11 | almost 13 years |
0.1.5 | MIT | 1 | 2011-11-21 - 03:11 | almost 13 years |
0.1.4 | MIT | 1 | 2011-11-21 - 03:10 | almost 13 years |
0.1.2 | MIT | 1 | 2011-11-21 - 03:09 | almost 13 years |
0.0.1 | MIT | 1 | 2011-11-21 - 03:09 | almost 13 years |