Insufficient Granularity of Access Control
CVE-2021-20066
Summary
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. NOTE - This vulnerability is disputed by JSDom's maintainers as mentioned in the issue page.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-1220 - Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
References
Advisory Timeline
- Published