NodeJS/jsdom/0.3.1
A JavaScript implementation of many web standards
https://www.npmjs.com/package/jsdom
MIT
1 Security Vulnerabilities
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Published date: 2022-05-24T17:42:20Z
CVE: CVE-2021-20066
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20066
- https://www.tenable.com/security/research/tra-2021-05
- https://github.com/jsdom/jsdom/issues/3124
- https://github.com/advisories/GHSA-f4c9-cqv8-9v98
- https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951
- https://security.snyk.io/vuln/SNYK-JS-JSDOM-1075447
Withdrawn Advisory
This advisory has been withdrawn because the user must configure jsdom to allow access to local files.
Original Description
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
Affected versions:
["0.0.1", "0.1.2", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.1.15", "0.1.16", "0.1.17", "0.1.18", "0.1.19", "0.1.20", "0.1.21", "0.1.22", "0.1.23", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "0.2.18", "0.2.19", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.4.0", "0.4.1", "0.4.2", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.7", "0.8.8", "0.8.9", "0.8.10", "0.8.11", "0.9.0", "0.10.0", "0.10.1", "0.10.2", "0.10.3", "0.10.4", "0.10.5", "0.10.6", "0.11.0", "0.11.1", "1.0.0-pre.1", "1.0.0-pre.3", "1.0.0-pre.4", "1.0.0-pre.5", "1.0.0-pre.6", "1.0.0-pre.7", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.3.1", "1.3.2", "1.4.0", "1.4.1", "1.5.0", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.1.0", "3.1.1", "3.1.2", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.1.0", "4.2.0", "4.3.0", "4.4.0", "4.5.0", "4.5.1", "5.0.0", "5.0.1", "4.5.2", "5.1.0", "5.2.0", "5.3.0", "5.4.0", "5.4.1", "5.4.2", "5.4.3", "5.5.0", "5.6.0", "5.6.1", "6.0.0", "6.0.1", "6.1.0", "6.2.0", "6.3.0", "6.4.0", "6.5.0", "6.5.1", "7.0.0", "7.0.1", "7.0.2", "7.1.0", "7.1.1", "7.2.0", "7.2.1", "7.2.2", "8.0.0-0", "8.0.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4", "8.1.0", "8.2.0", "8.3.0", "8.3.1", "8.4.0", "8.4.1", "8.5.0", "9.0.0", "9.1.0", "9.2.0", "9.2.1", "9.3.0", "9.4.0", "9.4.1", "9.4.2", "9.4.3", "9.4.4", "9.4.5", "9.5.0", "9.6.0", "9.7.0", "9.7.1", "9.8.0", "9.8.1", "9.8.2", "9.8.3", "9.9.0", "9.9.1", "9.10.0", "9.11.0", "9.12.0", "10.0.0", "10.1.0", "11.0.0", "11.1.0", "11.2.0", "11.3.0", "11.4.0", "11.5.1", "11.6.0", "11.6.1", "11.6.2", "11.7.0", "11.8.0", "11.9.0", "11.10.0", "11.11.0", "11.12.0", "12.0.0", "12.1.0", "12.2.0", "13.0.0", "13.1.0", "13.2.0", "14.0.0", "14.1.0", "15.0.0", "15.1.0", "15.1.1", "15.2.0", "15.2.1", "16.0.0", "16.0.1", "16.1.0", "16.2.0", "16.2.1", "16.2.2", "16.3.0", "16.4.0"]
Secure versions:
[16.5.0, 16.5.1, 16.5.2, 16.5.3, 16.6.0, 16.7.0, 17.0.0, 18.0.0, 18.0.1, 18.1.0, 18.1.1, 19.0.0, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.1.0, 23.0.0, 23.0.1, 23.1.0, 23.2.0, 24.0.0, 24.1.0, 24.1.1, 24.1.2, 24.1.3, 25.0.0, 25.0.1]
Recommendation:
Update to version 25.0.1.
264 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
25.0.1 | MIT | 2024-09-22 - 05:00 | about 2 months | |
25.0.0 | MIT | 2024-08-25 - 10:52 | 3 months | |
24.1.3 | MIT | 2024-08-25 - 10:47 | 3 months | |
24.1.2 | MIT | 2024-08-25 - 09:33 | 3 months | |
24.1.1 | MIT | 2024-07-21 - 05:09 | 4 months | |
24.1.0 | MIT | 2024-05-26 - 09:22 | 6 months | |
24.0.0 | MIT | 2024-01-21 - 13:06 | 10 months | |
23.2.0 | MIT | 2024-01-07 - 12:44 | 10 months | |
23.1.0 | MIT | 2024-01-05 - 13:41 | 10 months | |
23.0.1 | MIT | 2023-11-30 - 09:55 | 12 months | |
23.0.0 | MIT | 2023-11-26 - 15:03 | 12 months | |
22.1.0 | MIT | 2023-05-27 - 10:19 | over 1 year | |
22.0.0 | MIT | 2023-05-02 - 09:03 | over 1 year | |
21.1.2 | MIT | 2023-05-01 - 14:43 | over 1 year | |
21.1.1 | MIT | 2023-03-12 - 12:29 | over 1 year | |
21.1.0 | MIT | 2023-01-22 - 11:16 | almost 2 years | |
21.0.0 | MIT | 2023-01-07 - 14:04 | almost 2 years | |
20.0.3 | MIT | 2022-11-20 - 10:30 | almost 2 years | |
20.0.2 | MIT | 2022-10-30 - 13:12 | about 2 years | |
20.0.1 | MIT | 2022-10-02 - 06:54 | about 2 years | |
20.0.0 | MIT | 2022-06-19 - 13:38 | over 2 years | |
19.0.0 | MIT | 2021-12-02 - 21:45 | almost 3 years | |
18.1.1 | MIT | 2021-11-21 - 22:57 | almost 3 years | |
18.1.0 | MIT | 2021-11-12 - 22:50 | about 3 years | |
18.0.1 | MIT | 2021-11-01 - 15:17 | about 3 years | |
18.0.0 | MIT | 2021-10-08 - 17:29 | about 3 years | |
17.0.0 | MIT | 2021-08-13 - 16:07 | over 3 years | |
16.7.0 | MIT | 2021-08-01 - 20:54 | over 3 years | |
16.6.0 | MIT | 2021-05-23 - 19:46 | over 3 years | |
16.5.3 | MIT | 2021-04-11 - 19:31 | over 3 years | |
16.5.2 | MIT | 2021-03-28 - 17:35 | over 3 years | |
16.5.1 | MIT | 2021-03-13 - 00:21 | over 3 years | |
16.5.0 | MIT | 2021-03-07 - 22:53 | over 3 years | |
16.4.0 | MIT | 1 | 2020-08-08 - 19:36 | over 4 years |
16.3.0 | MIT | 1 | 2020-07-10 - 00:57 | over 4 years |
16.2.2 | MIT | 1 | 2020-03-30 - 01:31 | over 4 years |
16.2.1 | MIT | 1 | 2020-03-09 - 22:36 | over 4 years |
16.2.0 | MIT | 1 | 2020-02-16 - 23:02 | over 4 years |
16.1.0 | MIT | 1 | 2020-02-01 - 22:29 | almost 5 years |
16.0.1 | MIT | 1 | 2020-01-20 - 06:16 | almost 5 years |
16.0.0 | MIT | 1 | 2020-01-13 - 16:59 | almost 5 years |
15.2.1 | MIT | 1 | 2019-11-04 - 03:25 | about 5 years |
15.2.0 | MIT | 1 | 2019-10-14 - 13:40 | about 5 years |
15.1.1 | MIT | 1 | 2019-05-28 - 01:24 | over 5 years |
15.1.0 | MIT | 1 | 2019-05-12 - 22:21 | over 5 years |
15.0.0 | MIT | 1 | 2019-04-21 - 22:54 | over 5 years |
14.1.0 | MIT | 1 | 2019-04-21 - 04:29 | over 5 years |
14.0.0 | MIT | 1 | 2019-03-10 - 03:17 | over 5 years |
13.2.0 | MIT | 1 | 2019-01-24 - 03:57 | almost 6 years |
13.1.0 | MIT | 1 | 2018-12-15 - 03:34 | almost 6 years |
13.0.0 | MIT | 1 | 2018-10-29 - 19:53 | about 6 years |
12.2.0 | MIT | 1 | 2018-10-08 - 05:48 | about 6 years |
12.1.0 | MIT | 1 | 2018-09-30 - 03:50 | about 6 years |
12.0.0 | MIT | 1 | 2018-08-19 - 20:51 | about 6 years |
11.12.0 | MIT | 1 | 2018-07-27 - 04:56 | over 6 years |
11.11.0 | MIT | 1 | 2018-05-23 - 20:40 | over 6 years |
11.10.0 | MIT | 1 | 2018-04-30 - 00:14 | over 6 years |
11.9.0 | MIT | 1 | 2018-04-23 - 03:53 | over 6 years |
11.8.0 | MIT | 1 | 2018-04-16 - 02:51 | over 6 years |
11.7.0 | MIT | 1 | 2018-04-01 - 19:07 | over 6 years |
11.6.2 | MIT | 1 | 2018-01-30 - 02:32 | almost 7 years |
11.6.1 | MIT | 1 | 2018-01-25 - 00:43 | almost 7 years |
11.6.0 | MIT | 1 | 2018-01-22 - 04:11 | almost 7 years |
11.5.1 | MIT | 1 | 2017-11-26 - 22:29 | almost 7 years |
11.4.0 | MIT | 1 | 2017-11-19 - 23:25 | almost 7 years |
11.3.0 | MIT | 1 | 2017-09-30 - 22:04 | about 7 years |
11.2.0 | MIT | 1 | 2017-08-21 - 15:56 | about 7 years |
11.1.0 | MIT | 1 | 2017-07-03 - 06:10 | over 7 years |
11.0.0 | MIT | 1 | 2017-05-21 - 23:32 | over 7 years |
10.1.0 | MIT | 1 | 2017-05-01 - 02:57 | over 7 years |
10.0.0 | MIT | 1 | 2017-04-24 - 05:55 | over 7 years |
9.12.0 | MIT | 1 | 2017-03-12 - 20:26 | over 7 years |
9.11.0 | MIT | 1 | 2017-02-11 - 23:24 | almost 8 years |
9.10.0 | MIT | 1 | 2017-02-04 - 17:22 | almost 8 years |
9.9.1 | MIT | 1 | 2016-12-19 - 03:53 | almost 8 years |
9.9.0 | MIT | 1 | 2016-12-19 - 01:13 | almost 8 years |
9.8.3 | MIT | 1 | 2016-10-25 - 08:13 | about 8 years |
9.8.2 | MIT | 1 | 2016-10-25 - 03:23 | about 8 years |
9.8.1 | MIT | 1 | 2016-10-25 - 01:48 | about 8 years |
9.8.0 | MIT | 1 | 2016-10-16 - 19:29 | about 8 years |
9.7.1 | MIT | 1 | 2016-10-15 - 15:35 | about 8 years |
9.7.0 | MIT | 1 | 2016-10-15 - 14:12 | about 8 years |
9.6.0 | MIT | 1 | 2016-10-02 - 18:47 | about 8 years |
9.5.0 | MIT | 1 | 2016-09-03 - 20:47 | about 8 years |
9.4.5 | MIT | 1 | 2016-08-30 - 19:24 | about 8 years |
9.4.4 | MIT | 1 | 2016-08-30 - 19:09 | about 8 years |
9.4.3 | MIT | 1 | 2016-08-30 - 18:59 | about 8 years |
9.4.2 | MIT | 1 | 2016-08-11 - 04:09 | over 8 years |
9.4.1 | MIT | 1 | 2016-07-05 - 21:54 | over 8 years |
9.4.0 | MIT | 1 | 2016-07-02 - 22:14 | over 8 years |
9.3.0 | MIT | 1 | 2016-06-26 - 21:12 | over 8 years |
9.2.1 | MIT | 1 | 2016-05-28 - 21:06 | over 8 years |
9.2.0 | MIT | 1 | 2016-05-24 - 10:13 | over 8 years |
9.1.0 | MIT | 1 | 2016-05-15 - 19:53 | over 8 years |
9.0.0 | MIT | 1 | 2016-05-06 - 21:17 | over 8 years |
8.5.0 | MIT | 1 | 2016-05-01 - 23:52 | over 8 years |
8.4.1 | MIT | 1 | 2016-04-28 - 02:32 | over 8 years |
8.4.0 | MIT | 1 | 2016-04-15 - 23:57 | over 8 years |
8.3.1 | MIT | 1 | 2016-04-10 - 22:08 | over 8 years |
8.3.0 | MIT | 1 | 2016-04-03 - 22:54 | over 8 years |