CVE-2023-0842

A flaw was found in node-xml2js. This flaw allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, making it possible to edit the proto property...

Security Bulletin: Security Vulnerabilities in IBM WebSphere Liberty and xml2js affect IBM Voice Gateway

Summary Security Vulnerabilities in IBM WebSphere Liberty and xml2js affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a specially-crafted reques...

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2023-0842]

Summary Node.js module xml2js is used by IBM App Connect Enterprise Certified Container for processing xml data. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

Prototype Pollution

xml2js is vulnerable to Prototype Pollution. The vulnerability exists because the library does not properly validate the incoming JSON keys, allowing an attacker to modify the proto. attribute...

0.extends.wechat (>=1.0.51 <=1.0.65), 00ld8nuivn (=2.1.0) +30694 more potentially affected by CVE-2023-0842 via xml2js (>=0.1.10 <=0.4.9)

xml2js NPM version =0.1.10, =1.0.51, =1.0.65 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkpu =1.1.0 - 098of6vzvl...

GHSA-776F-QX25-Q3CC xml2js is vulnerable to prototype pollution

xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

DEBIAN-CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

Code injection

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

UBUNTU-CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

CVE-2023-0842

CVE-2023-0842 affects xml2js: version 0.4.23 allows prototype pollution by editing proto via unchecked JSON keys. Affected component: xml2js (Node.js). Impact (as stated): attacker could edit/add object properties through prototype pollution. Remediation: upgrade to newer xml2js releases; referen...

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

xml2js 安全漏洞

node-xml2js is an XML to JavaScript object converter from the individual developer Marek Kubica. A security vulnerability exists in xml2js version 0.4.23 that stems from the application not properly validating incoming JSON keys, allowing an attacker to edit the proto attribute...

PT-2023-3087

Name of the Vulnerable Software and Affected Versions xml2js versions prior to 0.5.0 Description The issue is related to uncontrolled modification of object prototype attributes in the xml2js software, which converts XML objects to JavaScript. This can allow a remote attacker to edit properties o...