
CVE-2024-34394: libxmljs2 vulnerable to type confusion when parsing specially crafted XML

CVSS Score: 8.1 (CVSS 3.1)

Basic Information

EPSS Score: 0.81485%
Published: 5/2/2024
Updated: 11/25/2024
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| libxmljs2 | npm | <= 0.35.0 | |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability description explicitly identifies namespaces() -> get_local_namespaces() as the call chain. The PoC demonstrates exploitation via c2.namespaces(true) on an entity-referenced node. Type confusion occurs when these functions process entity-derived nodes without proper type checks, as entity nodes don't have namespaces but get treated as namespace-capable nodes. The lack of node type validation in these functions is the root cause.


WAF Protection Rules

WAF Rule

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `XmlNode::get_local_namespaces()`) on a grand-child of a node that refers to an entity. This vuln
