33 matches found
EUVD-2026-27102
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...
n8n Security Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities were due to a prototype pollution issue in the xml2js library used for parsing XML request bodies. This...
Prototype Pollution
Overview: n8n is a Workflow Automation Tool. Affected versions of this package are vulnerable to Prototype Pollution via the xml2js library used for parsing XML request bodies in webhook handlers. An authenticated attacker with permission to create or modify workflows could exploit this to pollute the...
EUVD-2026-1976
Malicious code in xml2js-js npm...
Malicious code in xml2js-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f9df8257f4f610dbfd70460757eb36539314c7cce4d9eda82758da6984725 The package xml2js-js was found to contain malicious code. Source: ghsa-malware cf7cd10255ee6ff91469e7f180436d90c3eca29de3dc0b3f883c13403ca30132 Any...
MAL-2026-234 Malicious code in xml2js-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f9df8257f4f610dbfd70460757eb36539314c7cce4d9eda82758da6984725 The package xml2js-js was found to contain malicious code. Source: ghsa-malware cf7cd10255ee6ff91469e7f180436d90c3eca29de3dc0b3f883c13403ca30132 Any...
Malicious Package
Overview xml2js-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2023-1222
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validat...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to xml2js ( CVE-2023-0842 )
Summary xml2js is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate incoming JSON keys, allowing the proto...
RHEL 8 : xml2js (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - node-xml2js: xml2js is vulnerable to prototype pollution CVE-2023-0842 Note that Nessus has not tested for this iss...
Debian: Security Advisory (DLA-3760-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3760-1] node-xml2js security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3760-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 14, 2024 https://wiki.debian.org/LTS -...
DLA-3760-1 node-xml2js - security update
Bulletin has no description...
Debian dla-3760 : node-xml2js - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3760 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3760-1 [email protected] https://www.debian.org/lts/security/...
Security Bulletin: Xml2js is vulnerable to CVE-2023-0842 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Xml2js which is vulnerable to CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to xml2js arbitrary code execution vulnerability (CVE-2023-0842)
Summary Potential arbitrary code execution vulnerability in xml2js CVE-2023-0842 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js (CVE-2023-0842)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to the module xml2js CVE-2023-0842. The latest Fix Pack includes xml2js version 5.0 Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary...
Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)
Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...
CVE-2023-0842
A flaw was found in node-xml2js. This flaw allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, making it possible to edit the __proto__ property...