How severe is CVE-2023-0842?

CVE-2023-0842 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-0842

Name: xml2js
Author: xml2js_project

5.3MEDIUM

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the

公開日: 4/5/2023更新日: 9/24/2025

説明

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

AI分析AIによる分析

影響を受ける製品

xml2js_projectxml2js

0.4.23

参照

https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://github.com/Leonidas-from-XIV/node-xml2js/releases/tag/0.6.2
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html
https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html