Improper Access Control The advisory has been revoked - it doesn't affect any version of package org.webjars.npm:jsdom Open this link in a new tab
Threat Intelligence
EPSS
0.14% (50th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGWEBJARSNPM-1075448
- published 17 Feb 2021
- disclosed 17 Feb 2021
- credit Tenable
Introduced: 17 Feb 2021
CVE-2021-20066 Open this link in a new tabAmendment
This was deemed not a vulnerability.
Overview
org.webjars.npm:jsdom is an A JavaScript implementation of many web standards
Affected versions of this package are vulnerable to Improper Access Control. JSDom
improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
This was disputed by the maintainer.