xml2js is vulnerable to Prototype Pollution. The vulnerability exists because the library does not properly validate the incoming JSON keys, allowing an attacker to modify the `__proto__` attribute.
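
The mechanism described above, shown as an added example that is not xml2js code and not taken from the advisory: a simplified converter that assigns document-supplied keys onto a plain object, beside two hardened forms and a check for a replaced prototype. All function names and the sample input are constructed for illustration.

```javascript
// Simplified model of an XML-to-object converter (not xml2js code): each
// [name, value] pair stands for a child element name and its content.
// Constructed sample input; the second element is named "__proto__".
const SAMPLE_CHILDREN = [
  ['role', 'user'],
  ['__proto__', { isAdmin: true }],
];

// Weak form: document-supplied keys are assigned onto a plain object.
// Assigning "__proto__" there invokes the inherited setter and swaps the
// object's prototype instead of creating an own property.
function convertUnsafe(children) {
  const out = {};
  for (const [name, value] of children) out[name] = value;
  return out;
}

// Hardened form: a prototype-less container has no "__proto__" accessor,
// so every key, including "__proto__", is stored as ordinary own data.
function convertNullProto(children) {
  const out = Object.create(null);
  for (const [name, value] of children) out[name] = value;
  return out;
}

// Alternative hardening: keep plain objects but reject dangerous names.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function convertFiltered(children) {
  const out = {};
  for (const [name, value] of children) {
    if (BLOCKED_KEYS.has(name)) throw new Error(`rejected element name: ${name}`);
    out[name] = value;
  }
  return out;
}

// Check for callers: was this object's prototype replaced?
function hasTamperedPrototype(obj) {
  const proto = Object.getPrototypeOf(obj);
  return proto !== null && proto !== Object.prototype;
}

const unsafe = convertUnsafe(SAMPLE_CHILDREN);
console.log(unsafe.isAdmin, Object.keys(unsafe), hasTamperedPrototype(unsafe));
const safe = convertNullProto(SAMPLE_CHILDREN);
console.log(safe.isAdmin, Object.keys(safe), hasTamperedPrototype(safe));
```

In the weak form the injected property is inherited rather than own, so it does not appear in `Object.keys` output yet still satisfies a lookup such as `obj.isAdmin`.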
Name | Operator | Version
---|---|---
xml2js | le | 0.4.23
xml2js | le | 0.4.22
node-xml2js:sid | eq | 0.2.8-1.1
node-xml2js:sid | eq | 0.2.8-1
fluidattacks.com/advisories/myers/
github.com/advisories/GHSA-776f-qx25-q3cc
github.com/Leonidas-from-XIV/node-xml2js/
github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5
github.com/Leonidas-from-XIV/node-xml2js/pull/603
lists.debian.org/debian-lts-announce/2024/03/msg00013.html