Vulnerabilities > CVE-2023-0842 - Unspecified vulnerability in Xml2Js Project Xml2Js 0.4.23

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
xml2js-project

Summary

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Vulnerable Configurations

Part Description Count
Application
Xml2Js_Project
1