Security Advisories (3)

CVE-2015-3451 (2015-04-23)

The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

https://metacpan.org/changes/distribution/XML-LibXML

CVE-2017-10672 (2015-04-23)

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.

NAME

XML::LibXML::Attr - The DOM Attribute Class

synopsis

use XML::LibXML

$attr = XML::LibXML::Attr->new($name [,$value]);
$string = $attr->getValue();
$value = $attr->value;
$attr->setValue( $string );
$node = $attr->getOwnerElement();
$attr->setNamespace($nsURI, $prefix);

DESCRIPTION

This is the interface to handle Attributes like ordinary nodes. The naming of the class relies on the W3C DOM documentation.

Methods

new: Class constructor. If you need to work with iso encoded strings, you should allways use the createAttrbute of XML::LibXML::Document.
getValue: Returns the value stored for the attribute. If undef is returned, the attribute has no value, which is different of being not specified.
value: Alias for getValue()
setValue: This is needed to set a new attributevalue. If iso encoded strings are passed as parameter, the node has to be bound to a document, otherwise the encoding might be wrong done.
getOwnerElement: returns the node the attribute belongs to. If the attribute is not bound to a node, undef will be returned. Overwriting the underlaying implementation, the parentNode function will return undef, instead of the owner element.
setNamespace: This function activates a namespace for the given attribute. If the attribute was not previously declared in the context of the attribute this function will be silently ignored. In this case you may wish to call setNamespace() on the ownerElement.

AUTHOR

Matt Sergeant, Christian Glahn

VERSION

1.50

To install XML::LibXML, copy and paste the appropriate command in to your terminal.

cpanm

cpanm XML::LibXML

CPAN shell

perl -MCPAN -e shell
install XML::LibXML

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

synopsis

DESCRIPTION

Methods

AUTHOR

SEE ALSO

VERSION

Module Install Instructions

Keyboard Shortcuts