CVE-2025-12084

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-12084

Severity

Unknown

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

References

https://images.chainguard.dev/security/CGA-3f5c-5x8f-wp4q
https://github.com/advisories/GHSA-hfqx-732w-xrrw
https://images.chainguard.dev/security/CGA-crcr-2r4c-v88q
https://images.chainguard.dev/security/CGA-j9vm-xxgr-v4hr
https://images.chainguard.dev/security/CGA-3x3x-3c57-xqjq
https://images.chainguard.dev/security/CGA-6w5x-gcxf-8hm4
https://images.chainguard.dev/security/CGA-qx9w-jpxm-45wc
https://github.com/python/cpython/issues/142145
https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0
https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4
https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964
https://github.com/python/cpython/pull/142146

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-12084

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company