Improper Access Control The advisory has been revoked - it doesn't affect any version of package org.webjars.npm:jsdom Open this link in a new tab

Threat Intelligence

EPSS 0.14% (50^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGWEBJARSNPM-1075448
published 17 Feb 2021
disclosed 17 Feb 2021
credit Tenable

Report a new vulnerability Found a mistake?

Introduced: 17 Feb 2021

CVE-2021-20066 Open this link in a new tab CWE-284 Open this link in a new tab

Amendment

This was deemed not a vulnerability.

Overview

org.webjars.npm:jsdom is an A JavaScript implementation of many web standards

Affected versions of this package are vulnerable to Improper Access Control. JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

This was disputed by the maintainer.

Improper Access Control The advisory has been revoked - it doesn't affect any version of package org.webjars.npm:jsdom Open this link in a new tab

Threat Intelligence

Introduced: 17 Feb 2021

Amendment

Overview

References