body-parser-xml is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype` in `index.js`.
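A defensive pattern for the bug class described above, as an added example (not code from body-parser-xml or its fix commit): recursively drop the three property names the advisory lists from a parsed XML body before it is merged or used. The names `sanitizeParsed` and `demo` and the sample body are constructed for illustration.

```javascript
// Property names the advisory lists as pollution vectors.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Recursively copy a parsed-XML value, dropping dangerous keys.
// Output objects have a null prototype, so later property lookups on
// them can never fall through to Object.prototype.
function sanitizeParsed(value, removed = [], path = '$') {
  if (Array.isArray(value)) {
    return value.map((v, i) => sanitizeParsed(v, removed, `${path}[${i}]`));
  }
  if (value === null || typeof value !== 'object') return value;
  const clean = Object.create(null);
  for (const key of Object.keys(value)) {
    if (DANGEROUS_KEYS.has(key)) {
      removed.push(`${path}.${key}`); // keep a record for logging/alerting
      continue;
    }
    clean[key] = sanitizeParsed(value[key], removed, `${path}.${key}`);
  }
  return clean;
}

// Constructed sample: the object shape an XML-to-object parser could hand
// to middleware when element names match the dangerous keys. JSON.parse is
// used only because it creates "__proto__" as an own property.
const parsedBody = JSON.parse(
  '{"order":{"id":"7","__proto__":{"isAdmin":"true"},' +
  '"items":[{"sku":"a1","constructor":{"prototype":{"x":"1"}}}]}}'
);

// Sanitize the sample and return both the clean copy and the audit trail.
function demo() {
  const removed = [];
  const clean = sanitizeParsed(parsedBody, removed);
  return { clean, removed };
}
```

The `removed` list gives a request-level signal worth logging: legitimate XML payloads rarely contain elements with these names.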
| CPE | Name | Operator | Version |
|---|---|---|---|
| | body-parser-xml | le | 2.0.2 |
github.com/fiznool/body-parser-xml/commit/d46ca622560f7c9a033cd9321c61e92558150d63
github.com/fiznool/body-parser-xml/compare/9e569b71967d439265d7c5b0e72d97b678641ed4...d46ca622560f7c9a033cd9321c61e92558150d63
github.com/fiznool/body-parser-xml/pull/69
huntr.dev/bounties/1-other-fiznool/body-parser-xml