182 matches found
Prototype Pollution
Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Prototype Pollution due to improper argument validation, which is exploitable via the aName variable. PoC js const XMLParser, XMLBuilder, XMLValidator...
PT-2021-24348 · Unknown · Fast-Xml-Parser
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.1.2 Description: The issue allows for Prototype Pollution via the proto variable. This can be exploited by including proto as a tag or attribute name in an XML string. The estimated number of potentially...