Wiz
Vulnerability DatabaseCVE-2022-37616

CVE-2022-37616
CBL Mariner vulnerability analysis and mitigation

Overview

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before version 0.8.3. The vulnerability affects versions = 0.9.0-beta.1 <0.7.6 >= 0.8.0, < 0.8.3 of @xmldom/xmldom and <= 0.6.0 of xmldom (GHSA Advisory).

Technical details

The vulnerability exists in the copy function within dom.js file of the xmldom package. However, attempts to provide an exploit were unsuccessful and the issue was in process of being marked as invalid. The vulnerability was assigned CVE-2022-37616 and classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) with a Low severity rating (GHSA Advisory).

Impact

If exploited, the vulnerability could potentially allow an attacker to cause unexpected syntactic changes during XML processing. However, the actual impact appears to be limited as attempts to exploit the vulnerability were unsuccessful (Ubuntu Notice).

Mitigation and workarounds

Users should update to patched versions: @xmldom/xmldom@~0.7.6, @xmldom/xmldom@~0.8.3 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.2 (dist-tag next). No alternative workarounds are available (GHSA Advisory).

Additional resources

SourceThis report was generated using AI

Related CBL Mariner vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-66031HIGH8.7
  • JavaScriptJavaScript
  • kibana-8.17
NoYesNov 26, 2025
CVE-2025-12638HIGH8
  • CBL MarinerCBL Mariner
  • keras
NoYesNov 28, 2025
CVE-2025-13601HIGH7.7
  • CBL MarinerCBL Mariner
  • glib2
NoYesNov 26, 2025
CVE-2025-66293HIGH7.1
  • OpenJDK JDKOpenJDK JDK
  • java-21-openjdk-headless-slowdebug
NoYesDec 03, 2025
CVE-2025-66030MEDIUM6.3
  • JavaScriptJavaScript
  • kibana-8.18
NoYesNov 26, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo