Security
Headlines

Headlines Latest CVEs

Headline

GHSA-776f-qx25-q3cc: xml2js is vulnerable to prototype pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

1 year ago

xml2js is vulnerable to prototype pollution

High severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 7, 2023

Related news

CVE-2023-28955: Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.

1 year ago

#vulnerability #dos #apache #nodejs #js #java #ssrf #vmware #auth #ibm #ssl

CVE-2023-0842: xml2js 0.4.23 - Prototype Pollution | Advisories | Fluid Attacks

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

1 year ago

#vulnerability #linux #js #git #java #perl #pdf #auth

ghsa: Latest News

GHSA-8vvx-qvq9-5948: Flowise allows arbitrary file write to RCE

28 minutes ago

GHSA-xc76-5pf9-mx8m: In Azle, calling `setTimer` causes infinite loop of timers

1 hour ago

GHSA-x3m8-899r-f7c3: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment

2 hours ago

GHSA-9p8x-f768-wp2g: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References

2 hours ago

GHSA-h42x-xx2q-6v6g: Flowise Pre-auth Arbitrary File Upload

20 hours ago

We use cookies to provide necessary website functionality, and improve your user experience. By using the website, you agree to Privacy Policy and cookies usage.