{"source":1115997,"name":"@xmldom/xmldom","dependency":"@xmldom/xmldom","title":"xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion","url":"https://github.com/advisories/GHSA-wh4c-j3r5-mjhp","severity":"high","versions":["0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.7.10","0.7.11","0.7.12","0.7.13","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9","0.8.10","0.8.11","0.8.12","0.9.0-beta.1","0.9.0-beta.2","0.9.0-beta.3","0.9.0-beta.4","0.9.0-beta.5","0.9.0-beta.6","0.9.0-beta.7","0.9.0-beta.8","0.9.0-beta.9","0.9.0-beta.10","0.9.0-beta.11","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9"],"vulnerableVersions":["0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.7.10","0.7.11","0.7.12","0.7.13","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9","0.8.10","0.8.11"],"cwe":["CWE-91"],"cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"range":"<0.8.12","id":"xW18QNOg4a+3tMzZXbqpxquZ0JZkahoBTPUdRjapohcnEsARofv8iikEhVhYwy7hj/vfL5IEK4+GpkfyirqwzA=="}