EUVD-2021-1949

Malware in sbrugna...

CVE-2021-3666

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

body-parser-xml code issue vulnerability

body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. a code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...

@hosoft/restful-api-framework (>=1.0.1 <=1.5.3), @iamkenos/fragile (>=0.1.1 <=0.1.5) +28 more potentially affected by CVE-2021-3666 via body-parser-xml (>=1.1.0 <=2.0.1)

body-parser-xml NPM version =1.1.0, =1.0.1, =0.1.1, =1.229.0, =0.0.8, =0.1.0, =0.1.4, =0.1.0, =0.8.2-alpha.2, =0.0.10, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.1.0 - hubot-wework =0.1.0 and more Source cves: CVE-2021-3666 Source advisory: OSV:GHSA-2GHC-6V89-PW9J...

body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

GHSA-2GHC-6V89-PW9J body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

CVE-2021-3666

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

CVE-2021-3666

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

CVE-2021-3666 Prototype Pollution in fiznool/body-parser-xml

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

CVE-2021-3666

CVE-2021-3666 : Vulnerability in body-parser-xml (prototype pollution via Improperly Controlled Modification of Object Prototype Attributes). Multiple connected sources confirm this CVE; CVSS details (3.1) show a NETWORK attack vector, no privileges required, no user interaction, and high impact ...

@iamkenos/fragile (>=0.1.1 <=0.1.5) potentially affected by CVE-2021-3666 via body-parser-xml (=2.0.1)

body-parser-xml NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser-xml and may be impacted: - @iamkenos/fragile =0.1.1, =0.1.5 Source cves: CVE-2021-3666 Source advisory: SNYK:JS-BODYPARSERXML-1584211...

Prototype Pollution

Overview body-parser-xml is a XML parser middleware for express.js. Affected versions of this package are vulnerable to Prototype Pollution. The prototype of req.body can be polluted. PoC const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser...

Prototype Pollution

body-parser-xml is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype in the index.js...