Security
Headlines

Headlines Latest CVEs

Headline

GHSA-776f-qx25-q3cc: xml2js is vulnerable to prototype pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

1 year ago

xml2js is vulnerable to prototype pollution

High severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 7, 2023

Related news

CVE-2023-28955: Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.

1 year ago

#vulnerability #dos #apache #nodejs #js #java #ssrf #vmware #auth #ibm #ssl

CVE-2023-0842: xml2js 0.4.23 - Prototype Pollution | Advisories | Fluid Attacks

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

1 year ago

#vulnerability #linux #js #git #java #perl #pdf #auth

ghsa: Latest News

GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

14 hours ago

GHSA-3hxg-fxwm-8gf7: CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes

14 hours ago

GHSA-82j3-hf72-7x93: Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

14 hours ago

GHSA-29wx-vh33-7x7r: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations

14 hours ago

GHSA-7vm6-qwh5-9x44: loona-hpack Panic Vulnerability

14 hours ago