First published: Tue Feb 16 2021
# Withdrawn Advisory

This advisory has been withdrawn because the user must configure jsdom to allow access to local files.

# Original Description

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
npm/jsdom | <=16.4.0 | 16.5.0 |
Jsdom Project Jsdom | | |
CVE-2021-20066 is a vulnerability that allows the loading of local resources in JSDom, which can be exploited to manipulate local files.
CVE-2021-20066 has a severity rating of medium (5.6).
CVE-2021-20066 allows a remote attacker to bypass security restrictions in JSDom and load local resources, enabling them to manipulate local files.
JSDom versions up to and including 16.4.0 are affected by CVE-2021-20066.
To mitigate CVE-2021-20066, update JSDom to the patched version 16.5.0 or a later release.
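
The check below is an added example, not code from the advisory or from the jsdom project. It flags a jsdom version in the affected range from the table above and an options object that turns on both script execution and resource loading. It assumes the opt-in mentioned in the withdrawal note is expressed through jsdom's documented `runScripts` and `resources` options; `auditJsdomUsage` and the sample inputs are hypothetical.

```javascript
// Added example. AFFECTED_MAX is taken from the advisory's table (<=16.4.0).
const AFFECTED_MAX = [16, 4, 0];

// Parse "16.4.0" or "v16.4.0" into [major, minor, patch]; pre-release tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable jsdom version: ${v}`);
  return m.slice(1).map(Number);
}

// True when the version is at or below the last affected release.
function isAffectedVersion(v) {
  const parsed = parseVersion(v);
  for (let i = 0; i < 3; i++) {
    if (parsed[i] !== AFFECTED_MAX[i]) return parsed[i] < AFFECTED_MAX[i];
  }
  return true;
}

// Inspect the options object passed to `new JSDOM(html, options)`.
// Assumption: the opt-in the withdrawal note refers to is expressed through
// jsdom's documented `runScripts` and `resources` options.
function auditJsdomUsage(version, options = {}) {
  const findings = [];
  const affected = isAffectedVersion(version);
  const scriptsEnabled = options.runScripts === "dangerously";
  // "usable" or a custom ResourceLoader instance both turn subresource loading on.
  const resourcesEnabled = options.resources !== undefined && options.resources !== null;
  if (affected) findings.push("version <= 16.4.0: upgrade to 16.5.0");
  if (scriptsEnabled) findings.push("runScripts=dangerously: page scripts execute");
  if (resourcesEnabled) findings.push("resources set: subresources are fetched");
  return { findings, needsReview: affected && scriptsEnabled && resourcesEnabled };
}

// Constructed sample inputs (not from the advisory).
const samples = [
  ["16.4.0", { runScripts: "dangerously", resources: "usable" }],
  ["16.4.0", {}],
  ["16.5.0", { runScripts: "dangerously", resources: "usable" }],
];
for (const [version, options] of samples) {
  console.log(version, JSON.stringify(options), auditJsdomUsage(version, options));
}
```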