How severe is CVE-2023-0842?

CVE-2023-0842 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-0842

Name: xml2js
Author: xml2js_project

5.3MEDIUM

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the

发布于: 4/5/2023更新于: 9/24/2025

描述

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

AI分析AI驱动

受影响产品

xml2js_projectxml2js

0.4.23

参考资料

https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://github.com/Leonidas-from-XIV/node-xml2js/releases/tag/0.6.2
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html
https://fluidattacks.com/advisories/myers/
ExploitThird Party Advisory
https://github.com/Leonidas-from-XIV/node-xml2js/
Product
https://lists.debian.org/debian-lts-announce/2024/03/msg00013.html