NodeJS/jsdom/0.11.0
A JavaScript implementation of many web standards
https://www.npmjs.com/package/jsdom
MIT
1 Security Vulnerabilities
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Published date: 2022-05-24T17:42:20Z
CVE: CVE-2021-20066
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20066
- https://www.tenable.com/security/research/tra-2021-05
- https://github.com/jsdom/jsdom/issues/3124
- https://github.com/advisories/GHSA-f4c9-cqv8-9v98
- https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951
- https://security.snyk.io/vuln/SNYK-JS-JSDOM-1075447
Withdrawn Advisory
This advisory has been withdrawn because the user must configure jsdom to allow access to local files.
Original Description
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
Affected versions:
["0.0.1", "0.1.2", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.1.15", "0.1.16", "0.1.17", "0.1.18", "0.1.19", "0.1.20", "0.1.21", "0.1.22", "0.1.23", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "0.2.18", "0.2.19", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.4.0", "0.4.1", "0.4.2", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.5.6", "0.5.7", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.7.0", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.7", "0.8.8", "0.8.9", "0.8.10", "0.8.11", "0.9.0", "0.10.0", "0.10.1", "0.10.2", "0.10.3", "0.10.4", "0.10.5", "0.10.6", "0.11.0", "0.11.1", "1.0.0-pre.1", "1.0.0-pre.3", "1.0.0-pre.4", "1.0.0-pre.5", "1.0.0-pre.6", "1.0.0-pre.7", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.3.0", "1.3.1", "1.3.2", "1.4.0", "1.4.1", "1.5.0", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.1.0", "3.1.1", "3.1.2", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.1.0", "4.2.0", "4.3.0", "4.4.0", "4.5.0", "4.5.1", "5.0.0", "5.0.1", "4.5.2", "5.1.0", "5.2.0", "5.3.0", "5.4.0", "5.4.1", "5.4.2", "5.4.3", "5.5.0", "5.6.0", "5.6.1", "6.0.0", "6.0.1", "6.1.0", "6.2.0", "6.3.0", "6.4.0", "6.5.0", "6.5.1", "7.0.0", "7.0.1", "7.0.2", "7.1.0", "7.1.1", "7.2.0", "7.2.1", "7.2.2", "8.0.0-0", "8.0.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4", "8.1.0", "8.2.0", "8.3.0", "8.3.1", "8.4.0", "8.4.1", "8.5.0", "9.0.0", "9.1.0", "9.2.0", "9.2.1", "9.3.0", "9.4.0", "9.4.1", "9.4.2", "9.4.3", "9.4.4", "9.4.5", "9.5.0", "9.6.0", "9.7.0", "9.7.1", "9.8.0", "9.8.1", "9.8.2", "9.8.3", "9.9.0", "9.9.1", "9.10.0", "9.11.0", "9.12.0", "10.0.0", "10.1.0", "11.0.0", "11.1.0", "11.2.0", "11.3.0", "11.4.0", "11.5.1", "11.6.0", "11.6.1", "11.6.2", "11.7.0", "11.8.0", "11.9.0", "11.10.0", "11.11.0", "11.12.0", "12.0.0", "12.1.0", "12.2.0", "13.0.0", "13.1.0", "13.2.0", "14.0.0", "14.1.0", "15.0.0", "15.1.0", "15.1.1", "15.2.0", "15.2.1", "16.0.0", "16.0.1", "16.1.0", "16.2.0", "16.2.1", "16.2.2", "16.3.0", "16.4.0"]
Secure versions:
[16.5.0, 16.5.1, 16.5.2, 16.5.3, 16.6.0, 16.7.0, 17.0.0, 18.0.0, 18.0.1, 18.1.0, 18.1.1, 19.0.0, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.1.0, 23.0.0, 23.0.1, 23.1.0, 23.2.0, 24.0.0, 24.1.0, 24.1.1, 24.1.2, 24.1.3, 25.0.0, 25.0.1]
Recommendation:
Update to version 25.0.1.
264 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 8.2.0 | MIT | 1 | 2016-03-28 - 00:22 | over 8 years |
| 8.1.0 | MIT | 1 | 2016-03-01 - 03:54 | over 8 years |
| 8.0.4 | MIT | 1 | 2016-02-18 - 04:03 | over 8 years |
| 8.0.3 | MIT | 1 | 2016-02-17 - 07:09 | over 8 years |
| 8.0.2 | MIT | 1 | 2016-02-01 - 00:24 | almost 9 years |
| 8.0.1 | MIT | 1 | 2016-01-28 - 20:51 | almost 9 years |
| 8.0.0 | MIT | 1 | 2016-01-27 - 23:33 | almost 9 years |
| 8.0.0-0 | MIT | 1 | 2016-01-04 - 14:45 | almost 9 years |
| 7.2.2 | MIT | 1 | 2015-12-27 - 00:27 | almost 9 years |
| 7.2.1 | MIT | 1 | 2015-12-11 - 23:34 | almost 9 years |
| 7.2.0 | MIT | 1 | 2015-12-06 - 22:59 | almost 9 years |
| 7.1.1 | MIT | 1 | 2015-12-02 - 19:38 | almost 9 years |
| 7.1.0 | MIT | 1 | 2015-11-26 - 06:45 | almost 9 years |
| 7.0.2 | MIT | 1 | 2015-10-22 - 18:38 | about 9 years |
| 7.0.1 | MIT | 1 | 2015-10-18 - 21:55 | about 9 years |
| 7.0.0 | MIT | 1 | 2015-10-17 - 23:42 | about 9 years |
| 6.5.1 | MIT | 1 | 2015-09-19 - 17:16 | about 9 years |
| 6.5.0 | MIT | 1 | 2015-09-14 - 14:38 | about 9 years |
| 6.4.0 | MIT | 1 | 2015-09-13 - 18:59 | about 9 years |
| 6.3.0 | MIT | 1 | 2015-08-30 - 18:45 | about 9 years |
| 6.2.0 | MIT | 1 | 2015-08-25 - 02:59 | about 9 years |
| 6.1.0 | MIT | 1 | 2015-08-11 - 01:12 | over 9 years |
| 6.0.1 | MIT | 1 | 2015-08-07 - 23:50 | over 9 years |
| 6.0.0 | MIT | 1 | 2015-08-05 - 22:21 | over 9 years |
| 5.6.1 | MIT | 1 | 2015-07-13 - 22:11 | over 9 years |
| 5.6.0 | MIT | 1 | 2015-07-05 - 11:58 | over 9 years |
| 5.5.0 | MIT | 1 | 2015-06-30 - 01:47 | over 9 years |
| 5.4.3 | MIT | 1 | 2015-05-22 - 03:56 | over 9 years |
| 5.4.2 | MIT | 1 | 2015-05-19 - 15:57 | over 9 years |
| 5.4.1 | MIT | 1 | 2015-05-11 - 00:08 | over 9 years |
| 5.4.0 | MIT | 1 | 2015-05-10 - 22:17 | over 9 years |
| 5.3.0 | MIT | 1 | 2015-04-29 - 21:31 | over 9 years |
| 5.2.0 | MIT | 1 | 2015-04-29 - 13:52 | over 9 years |
| 5.1.0 | MIT | 1 | 2015-04-23 - 15:29 | over 9 years |
| 5.0.1 | MIT | 1 | 2015-04-16 - 21:34 | over 9 years |
| 5.0.0 | MIT | 1 | 2015-04-16 - 03:07 | over 9 years |
| 4.5.2 | MIT | 1 | 2015-04-23 - 15:17 | over 9 years |
| 4.5.1 | MIT | 1 | 2015-04-16 - 02:51 | over 9 years |
| 4.5.0 | MIT | 1 | 2015-04-16 - 02:19 | over 9 years |
| 4.4.0 | MIT | 1 | 2015-04-13 - 18:12 | over 9 years |
| 4.3.0 | MIT | 1 | 2015-04-10 - 18:44 | over 9 years |
| 4.2.0 | MIT | 1 | 2015-04-08 - 16:05 | over 9 years |
| 4.1.0 | MIT | 1 | 2015-03-28 - 22:33 | over 9 years |
| 4.0.5 | MIT | 1 | 2015-03-24 - 14:59 | over 9 years |
| 4.0.4 | MIT | 1 | 2015-03-20 - 10:36 | over 9 years |
| 4.0.3 | MIT | 1 | 2015-03-18 - 15:29 | over 9 years |
| 4.0.2 | MIT | 1 | 2015-03-05 - 04:43 | over 9 years |
| 4.0.1 | MIT | 1 | 2015-02-24 - 18:57 | over 9 years |
| 4.0.0 | MIT | 1 | 2015-02-22 - 22:23 | over 9 years |
| 3.1.2 | MIT | 1 | 2015-02-20 - 18:41 | over 9 years |
| 3.1.1 | MIT | 1 | 2015-02-09 - 05:18 | almost 10 years |
| 3.1.0 | MIT | 1 | 2015-01-27 - 20:18 | almost 10 years |
| 3.0.3 | MIT | 1 | 2015-01-27 - 00:46 | almost 10 years |
| 3.0.2 | MIT | 1 | 2015-01-21 - 22:24 | almost 10 years |
| 3.0.1 | MIT | 1 | 2015-01-21 - 00:04 | almost 10 years |
| 3.0.0 | MIT | 1 | 2015-01-18 - 00:31 | almost 10 years |
| 2.0.0 | MIT | 1 | 2014-12-28 - 01:28 | almost 10 years |
| 1.5.0 | MIT | 1 | 2014-12-14 - 21:41 | almost 10 years |
| 1.4.1 | MIT | 1 | 2014-12-07 - 19:40 | almost 10 years |
| 1.4.0 | MIT | 1 | 2014-12-05 - 23:19 | almost 10 years |
| 1.3.2 | MIT | 1 | 2014-12-03 - 01:43 | almost 10 years |
| 1.3.1 | MIT | 1 | 2014-11-18 - 22:03 | almost 10 years |
| 1.3.0 | MIT | 1 | 2014-11-18 - 21:41 | almost 10 years |
| 1.2.3 | MIT | 1 | 2014-11-18 - 17:27 | almost 10 years |
| 1.2.2 | MIT | 1 | 2014-11-17 - 13:41 | almost 10 years |
| 1.2.1 | MIT | 1 | 2014-11-08 - 14:23 | about 10 years |
| 1.2.0 | MIT | 1 | 2014-11-05 - 11:01 | about 10 years |
| 1.1.0 | MIT | 1 | 2014-10-29 - 20:17 | about 10 years |
| 1.0.3 | MIT | 1 | 2014-10-13 - 22:40 | about 10 years |
| 1.0.2 | MIT | 1 | 2014-10-13 - 20:04 | about 10 years |
| 1.0.1 | MIT | 1 | 2014-10-02 - 19:56 | about 10 years |
| 1.0.0 | MIT | 1 | 2014-09-28 - 06:27 | about 10 years |
| 1.0.0-pre.7 | MIT | 1 | 2014-09-19 - 01:23 | about 10 years |
| 1.0.0-pre.6 | MIT | 1 | 2014-09-02 - 14:33 | about 10 years |
| 1.0.0-pre.5 | MIT | 1 | 2014-08-30 - 05:11 | about 10 years |
| 1.0.0-pre.4 | MIT | 1 | 2014-08-28 - 16:16 | about 10 years |
| 1.0.0-pre.3 | MIT | 1 | 2014-08-22 - 15:11 | about 10 years |
| 1.0.0-pre.1 | MIT | 1 | 2014-08-19 - 18:55 | about 10 years |
| 0.11.1 | MIT | 1 | 2014-07-01 - 00:20 | over 10 years |
| 0.11.0 | MIT | 1 | 2014-06-16 - 03:15 | over 10 years |
| 0.10.6 | MIT | 1 | 2014-05-30 - 05:26 | over 10 years |
| 0.10.5 | MIT | 1 | 2014-04-04 - 05:59 | over 10 years |
| 0.10.4 | MIT | 1 | 2014-03-30 - 03:36 | over 10 years |
| 0.10.3 | MIT | 1 | 2014-03-15 - 04:08 | over 10 years |
| 0.10.2 | MIT | 1 | 2014-03-08 - 22:11 | over 10 years |
| 0.10.1 | MIT | 1 | 2014-02-08 - 06:26 | almost 11 years |
| 0.10.0 | MIT | 1 | 2014-02-07 - 04:25 | almost 11 years |
| 0.9.0 | MIT | 1 | 2014-02-02 - 20:25 | almost 11 years |
| 0.8.11 | MIT | 1 | 2014-01-18 - 04:25 | almost 11 years |
| 0.8.10 | MIT | 1 | 2013-12-18 - 02:09 | almost 11 years |
| 0.8.9 | MIT | 1 | 2013-11-30 - 05:28 | almost 11 years |
| 0.8.8 | MIT | 1 | 2013-10-23 - 23:41 | about 11 years |
| 0.8.7 | MIT | 1 | 2013-10-21 - 00:07 | about 11 years |
| 0.8.6 | MIT | 1 | 2013-09-28 - 02:08 | about 11 years |
| 0.8.5 | MIT | 1 | 2013-09-22 - 06:39 | about 11 years |
| 0.8.4 | MIT | 1 | 2013-08-25 - 00:43 | about 11 years |
| 0.8.3 | MIT | 1 | 2013-08-04 - 23:16 | over 11 years |
| 0.8.2 | MIT | 1 | 2013-07-28 - 21:10 | over 11 years |
| 0.8.1 | MIT | 1 | 2013-07-21 - 20:58 | over 11 years |
| 0.8.0 | MIT | 1 | 2013-07-21 - 08:51 | over 11 years |