How severe is CVE-2023-0842?

CVE-2023-0842 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-0842

Name: xml2js
Author: xml2js_project

5.3MEDIUM

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the

게시됨: 4/5/2023업데이트됨: 9/24/2025

설명

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

AI 분석AI 기반

영향받는 제품

xml2js_projectxml2js

0.4.23

참조

https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://github.com/Leonidas-from-XIV/node-xml2js/releases/tag/0.6.2
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html
https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html