High severity 8.1 · NVD Advisory · Published May 2, 2024 · Updated Apr 15, 2026
CVE-2024-34393
Description
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| libxmljs2 (npm) | <= 0.33.0 | — |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-mjr4-7xg5-pfvh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-34393 (ghsa, ADVISORY)
- github.com/marudor/libxmljs2/issues/204 (nvd, WEB)
- research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097 (ghsa, WEB)
- research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097/ (nvd)