How severe is CVE-2023-0842?

CVE-2023-0842 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-0842

Name: xml2js
Author: xml2js_project

5.3MEDIUM

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the

Veröffentlicht: 4/5/2023Aktualisiert: 9/24/2025

Beschreibung

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

KI-AnalyseKI-gestützt

Betroffene Produkte

xml2js_projectxml2js

0.4.23

Referenzen

https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://github.com/Leonidas-from-XIV/node-xml2js/releases/tag/0.6.2
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html
https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html