CVE-2023-0842

Name: CVE-2023-0842
Description: xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
NVD Severity: unknown

References

Type | URI
MISC | https://fluidattacks.com/advisories/myers/
MISC | https://github.com/Leonidas-from-XIV/node-xml2js/
help@fluidattacks.com | https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:xml2js_project:xml2js:0.4.23:*:*:*:*:*:*:* | xml2js | == None | == 0.4.23

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status