Lucene search
MitreCVE-2023-26920HistoryDec 12, 2023 - 5:15 p.m.
CVE-2023-26920
2023-12-1217:15:07
CWE-1321
mitre
web.nvd.nist.gov
120
cve-2023-26920
nvd
information security
fast-xml-parser
prototype pollution
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
27.5%
fast-xml-parser before 4.1.2 allows proto for Prototype Pollution.
Affected configurations
Node
naturalintelligencefast_xml_parserRange<4.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| naturalintelligence | fast_xml_parser | * | cpe:2.3:a:naturalintelligence:fast_xml_parser:*:*:*:*:*:*:*:* |
Related
veracode
veracode
Prototype Pollution
2023-06-21 10:30:32
prion
prion
Design/Logic Flaw
2023-12-12 17:15:00
cvelist
cvelist
CVE-2023-26920
2023-12-12 00:00:00
nvd
nvd
CVE-2023-26920
2023-12-12 17:15:07
ibm
ibm
github
github
osv
osv
Druid ingestion system Authenticated users can read data from other sources than intended
2021-08-13 15:21:50
CVE-2021-26920
2021-07-02 08:15:08
CVE-2023-26920
2023-12-12 17:15:07
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
27.5%
Related for CVE-2023-26920