How severe is CVE-2023-0842?

CVE-2023-0842 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-0842

Name: xml2js
Author: xml2js_project

5.3MEDIUM

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the

Publicado: 4/5/2023Actualizado: 9/24/2025

Descripción

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Análisis IAImpulsado por IA

Productos Afectados

xml2js_projectxml2js

0.4.23

Referencias

https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://github.com/Leonidas-from-XIV/node-xml2js/releases/tag/0.6.2
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html
https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html