Lucene search
Veracode Vulnerability DatabaseVERACODE:40103HistoryApr 11, 2023 - 4:10 a.m.
Prototype Pollution
2023-04-1104:10:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
59
xml2js
vulnerability
prototype pollution
json keys
__proto__ attribute
0.001 Low
EPSS
Percentile
39.6%
xml2js is vulnerable to Prototype Pollution. The vulnerability exists because the library does not properly validate the incoming JSON keys, allowing an attacker to modify the __proto__. attribute.
| CPE | Name | Operator | Version |
|---|---|---|---|
| xml2js | le | 0.4.23 | |
| xml2js | le | 0.4.22 | |
| xml2js | le | 0.4.23 | |
| node-xml2js:sid | eq | 0.2.8-1.1 | |
| node-xml2js:sid | eq | 0.2.8-1 | |
| xml2js | le | 0.4.23 | |
| xml2js | le | 0.4.22 | |
| xml2js | le | 0.4.23 | |
| node-xml2js:sid | eq | 0.2.8-1.1 | |
| node-xml2js:sid | eq | 0.2.8-1 |
References
fluidattacks.com/advisories/myers/
github.com/advisories/GHSA-776f-qx25-q3cc
github.com/Leonidas-from-XIV/node-xml2js/
github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5
github.com/Leonidas-from-XIV/node-xml2js/pull/603
lists.debian.org/debian-lts-announce/2024/03/msg00013.html
Related
ubuntucve
ubuntucve
CVE-2023-0842
2023-04-05 00:00:00
ibm
ibm
osv
osv
node-xml2js - security update
2024-03-14 00:00:00
xml2js is vulnerable to prototype pollution
2023-04-05 21:30:24
debian
debian
[SECURITY] [DLA 3760-1] node-xml2js security update
2024-03-14 20:06:14
openvas
openvas
Debian: Security Advisory (DLA-3760-1)
2024-03-15 00:00:00
redhatcve
redhatcve
CVE-2023-0842
2023-05-05 17:21:29
debiancve
debiancve
CVE-2023-0842
2023-04-05 20:15:07
cve
cve
CVE-2023-0842
2023-04-05 20:15:07
prion
prion
Code injection
2023-04-05 20:15:00
nessus
nessus
Debian dla-3760 : node-xml2js - security update
2024-03-14 00:00:00
RHEL 8 : xml2js (Unpatched Vulnerability)
2024-06-03 00:00:00
nvd
nvd
CVE-2023-0842
2023-04-05 20:15:07
cvelist
cvelist
CVE-2023-0842
2023-04-05 00:00:00
github
github
xml2js is vulnerable to prototype pollution
2023-04-05 21:30:24