Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-0842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validat...

5.3CVSS6.6AI score0.01404EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:38 p.m.21 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to xml2js ( CVE-2023-0842 )

Summary xml2js is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate incoming JSON keys, allowing the proto...

5.3CVSS5.4AI score0.01404EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.10 views

RHEL 8 : xml2js (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - node-xml2js: xml2js is vulnerable to prototype pollution CVE-2023-0842 Note that Nessus has not tested for this iss...

5.3CVSS6.8AI score0.01404EPSS
Exploits1References1
Debian
Debian
added 2024/03/14 8:6 p.m.19 views

[SECURITY] [DLA 3760-1] node-xml2js security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3760-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 14, 2024 https://wiki.debian.org/LTS -...

5.3CVSS5AI score0.01404EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/03/14 12:0 a.m.22 views

Debian dla-3760 : node-xml2js - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3760 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3760-1 [email protected] https://www.debian.org/lts/security/...

5.3CVSS6.6AI score0.01404EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 5:41 p.m.24 views

Security Bulletin: Xml2js is vulnerable to CVE-2023-0842 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Xml2js which is vulnerable to CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a...

5.3CVSS6.1AI score0.01404EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 6:31 p.m.50 views

Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.4AI score0.99615EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 6:24 p.m.18 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js abitrary code execution vulnerability(CVE-2023-0842)

Summary Potential abitrary code execution vulnerability in xml2jsCVE-2023-0842 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote...

5.3CVSS6.2AI score0.01404EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 9:29 a.m.48 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js CVE-2023-0842. The latest Fix Pack includes xml2js version 5.0 Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary...

5.3CVSS6.1AI score0.01404EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 1:30 p.m.30 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)

Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...

5.3CVSS6AI score0.01404EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 11:45 a.m.24 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2023-0842]

Summary Node.js module xml2js is used by IBM App Connect Enterprise Certified Container for processing xml data. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

5.3CVSS6.1AI score0.01404EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/04/05 8:15 p.m.12 views

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.4AI score0.01404EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2023/04/05 8:15 p.m.66 views

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS6.8AI score0.01404EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/04/05 12:0 a.m.4 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

6.3AI score0.01404EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/04/05 12:0 a.m.13 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.4AI score0.01404EPSS
Exploits1References4
CVE
CVE
added 2023/04/05 12:0 a.m.199 views

CVE-2023-0842

CVE-2023-0842 affects xml2js: version 0.4.23 allows prototype pollution by editing proto via unchecked JSON keys. Affected component: xml2js (Node.js). Impact (as stated): attacker could edit/add object properties through prototype pollution. Remediation: upgrade to newer xml2js releases; referen...

5.3CVSS5AI score0.01404EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2023/04/05 12:0 a.m.25 views

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS6.3AI score0.01404EPSS
Exploits1
OSV
OSV
added 2023/04/05 12:0 a.m.4 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS6.5AI score0.01404EPSS
Exploits1References7
Rows per page
Query Builder