CVE-2023-0842

Published: 05/04/2023 Updated: 14/03/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

xml2js version 0.4.23 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Vulnerable Product

xml2js project xml2js 0.4.23

Vendor Advisories

Debian Bug report logs - #1034148
node-xml2js: CVE-2023-0842
Package: src:node-xml2js; Maintainer for src:node-xml2js is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 10 Apr 2023 12:18:01 UTC
Severity: important
Tags: sec ...

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited ...