CVE-2022-21144

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument’s toString value is not a Function object V8 will crash.

Date published : 2022-05-01

https://github.com/libxmljs/libxmljs/commit/2501807bde9b38cfaed06d1e140487516d91379d

https://github.com/libxmljs/libxmljs/pull/594